oss-sec mailing list archives
Re: Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Thu, 13 Dec 2012 17:03:23 -0500 (EST)
All,

This advisory required two different CVE IDs - not one - because the stack-based buffer overflow was fixed in a different version than the other issues. CVE assigns different IDs when bugs are not present in the same exact set of versions.
CVE-2012-5511 - use this, but only for the stack-based buffer overflow that was fixed in 4.2.
CVE-2012-6333 - new ID for the other "large input" validation issues that lead to the physical CPU hang, which were NOT fixed in 4.2.
- Steve
Current thread:
- Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs Xen . org security team (Dec 03)
- Re: Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs Steven M. Christey (Dec 13)