CVE-2012-4539

Description

Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability."

How to fix CVE-2012-4539

To remediate CVE-2012-4539, upgrade the affected package to a fixed version below.

• Debian/xen—upgrade to 4.1.3-4 or later

Is CVE-2012-4539 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.1.3-4

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-4539