HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2012-0217

CVSS 7.2v2.0pub. 2012-06-12upd. 2026-04-29

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

CVSS Vector
AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Citrix Xenserver

    APP
    Citrix
    6.0≤ 6.0.2
  • Freebsd

    OS
    Freebsd
    ≤ 9.0
  • Illumos

    OS
    Illumos
    ≤ r13723
  • Joyent Smartos

    OS
    Joyent
    ≤ 20120614
  • Microsoft Windows 7

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows Server 2003

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows Server 2008

    OS
    Microsoft
    r2
  • Microsoft Windows Xp

    OS
    Microsoft
    wszystkie wersje
  • Netbsd

    OS
    Netbsd
    ≤ 6.0
  • Sun Sunos

    OS
    Sun
    ≤ 5.11
  • Xen

    OS
    Xen
    4.0.04.0.14.0.24.0.34.0.44.1.04.1.1≤ 4.1.2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2020-1350CRITICAL10.0⚠ KEVten sam produkt

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...

CVE-2020-1040CRITICAL9.0⚠ KEVten sam produkt

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...

CVE-2020-0646CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...

CVE-2019-0708CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services wh...

CVE-2017-8543CRITICAL9.8⚠ KEVten sam produkt

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows S...