thr3ads.net - Xen devel - Re: [oss-security] Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs [Dec 2012]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Steven M. Christey

2012-Dec-13 22:03 UTC

Re: [oss-security] Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs

All,

This advisory required two different CVE IDs - not one - because the 
stack-based buffer overflow was fixed in a different version than the 
other issues.  CVE assigns different IDs when bugs are not present in the 
same exact set of versions.

CVE-2012-5511 - use this, but only for the stack-based buffer overflow 
that was fixed in 4.2.

CVE-2012-6333 - new ID for the other "large input" validation issues
that
lead to the physical CPU hang, which were NOT fixed in 4.2.


- Steve

Xen devel - Dec 2012 - Re: [oss-security] Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs

Re: [oss-security] Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs