we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability CVE-2012-2934

Xen, Citrix XenServer: denial of service via AMD

Synthesis of the vulnerability

An attacker in a guest ParaVirtualized 64 bit system can use a vulnerability of some AMD processors, in order to stop the host system.
Impacted products: Debian, Fedora, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
Severity: 1/4.
Creation date: 12/06/2012.
Identifiers: BID-53961, CERTA-2012-AVI-328, CVE-2012-2934, DSA 2501-1, FEDORA-2012-9386, FEDORA-2012-9399, FEDORA-2012-9430, openSUSE-SU-2012:0886-1, openSUSE-SU-2012:1572-1, openSUSE-SU-2012:1573-1, RHSA-2012:0721-01, SUSE-SU-2012:0730-1, VIGILANCE-VUL-11695, XSA-9.

Description of the vulnerability

AMD announced a bug in its processors, in the following case:
- the processor is in 64 bit mode
- the code segment limit is 0xFFFF FFFF
- the last byte of the current instruction is located at 0x7FFF FFFF FFFF
- the next instruction is located at 0x8000 0000 0000
In this case, a General Protection Exception occurs.

An attacker in a guest ParaVirtualized 64 bit system can therefore use a vulnerability of some AMD processors, in order to stop the host system.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides software vulnerabilities analysis. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.