Updated: June 13, 2012
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
Systems using AMD CPUs are not vulnerable to this privilege escalation. AMD have issued the following statement: AMD processors' SYSRET behavior is such that a non-canonical address in RCX does not generate a #GP while in CPL0. We have verified this with our architecture team, with our design team, and have performed tests that verified this on silicon. Therefore, this privilege escalation exposure is not applicable to any AMD processor. This statement comes from the Xen security advisory.
Notified: May 01, 2012 Updated: June 08, 2012
Statement Date: May 15, 2012
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: June 18, 2012
Affected
A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.0.2. The following issues have been addressed: • 64-bit PV guest to host privilege escalation vulnerability. This issue only impacts servers running on Intel processors and could permit a 64-bit PV guest to compromise the XenServer host (CVE-2012-0217). • Guest denial of service on syscall/sysenter exception generation. This issue could permit user code within a PV guest to crash the guest operating system (CVE-2012-0218). • Administrative connections to VM consoles through XAPI or XenCenter could be routed to the wrong VM.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 02, 2012 Updated: May 02, 2012
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 02, 2012 Updated: May 02, 2012
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2012 Updated: June 12, 2012
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 02, 2012 Updated: May 02, 2012
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2012 Updated: May 01, 2012
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2012 Updated: May 01, 2012
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2012 Updated: June 13, 2012
Statement Date: June 13, 2012
Affected
This is a software implementation issue. Intel processors are functioning as per specifications and this behavior is correctly documented in the IntelR64 Software Developers Manual, Volume 2B Pages 4-598-599.
We are not aware of further vendor information regarding this vulnerability.
Updated: June 14, 2012
Affected
We have an illumos-derived system, SmartOS -- it (and every other illumos derivative) was affected by this vulnerability. illumos issue: https://www.illumos.org/issues/2873 Patch is in hg changeset: 13724:7740792727e0. This can also be found on the github bridge: https://github.com/illumos/illumos-gate/commit/6ba2dbf5e79c7fc6e1221844ddaa2c88a42a3fc1 Joyent's cloud customers are unaffected. Joyent's SmartDataCenter customers will be receiving an updated platform, versioned joyent_20120614T001014Z.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2012 Updated: June 18, 2012
Affected
No statement is currently available from the vendor regarding this vulnerability.
This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that exploits the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Notified: May 01, 2012 Updated: June 08, 2012
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: June 25, 2012
Statement Date: June 25, 2012
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2012 Updated: June 08, 2012
Statement Date: May 11, 2012
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 21, 2012 Updated: May 21, 2012
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2012 Updated: June 12, 2012
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 02, 2012 Updated: May 02, 2012
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 02, 2012 Updated: June 12, 2012
Statement Date: May 02, 2012
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2012 Updated: May 01, 2012
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2012 Updated: June 08, 2012
Statement Date: June 08, 2012
Not Affected
The VMware Security Response Center has reviewed the technical details of CVE-2012-0217, the "#GP in sysret" vulnerability. The "sysret" instruction is not used in VMware hypervisor code, therefore VMware products are not affected by this issue. Please note that guest operating systems that are installed as virtual machines may be affected and should be patched based on the recommendation of their respective OS vendors. For further questions on this or any security vulnerability, please contact the VSRC at security@vmware.com.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 02, 2012 Updated: June 12, 2012
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.