CVE-2012-3432
xen - several
EPSS 1.4%
Description
The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.
How to fix CVE-2012-3432
To remediate CVE-2012-3432, upgrade the affected package to a fixed version below.
- Debian/xen—upgrade to 4.1.3-1 or later
- Debian/xen—upgrade to 4.0.1-5.3 or later
Is CVE-2012-3432 being exploited?
Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.1.3-1
- from 0, < 4.0.1-5.3