CVE ID: CVE-2012-4536
Advisory: XSA-21
Vulnerability Type: Denial of Service (DoS)
Affected Function: pirq range check

Description:
- The function uses the guest-provided value before performing a range check.
- The function uses without checking the value.
- This can lead to invalid values causing Xen to read out of array bounds, potentially resulting in a fatal page fault.

Impact: A malicious guest administrator can cause Xen to crash. If the out-of-bounds access does not crash, the arbitrary value read will be ignored due to later error checking, so there is no privilege escalation or exploitable information leak.

Vulnerable Systems: Only Xen version 4.1 is vulnerable. Other released versions, and xen-unstable, are not vulnerable. Only HVM guests are exposed to this vulnerability.

Mitigation: Running only PV guests, or ensuring that HVM guests only use trusted kernels, will avoid this vulnerability.

Resolution: The attached patch resolves this issue.

Patch Download: The patch is available for download.
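
The use-before-check pattern from the Description, shown beside its corrected ordering. This is an added illustration, not Xen's code or the XSA-21 patch; `struct guest_irqs`, both function names, the table size and the `IRQ_UNBOUND` marker are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

#define NR_PIRQS    16      /* constructed table size */
#define IRQ_UNBOUND (-1)    /* constructed "no mapping" marker */

/* Hypothetical per-guest state; not Xen's real structure. */
struct guest_irqs {
    int nr_pirqs;
    int pirq_to_emuirq[NR_PIRQS];
};

void guest_irqs_init(struct guest_irqs *g)
{
    g->nr_pirqs = NR_PIRQS;
    for (int i = 0; i < NR_PIRQS; i++)
        g->pirq_to_emuirq[i] = IRQ_UNBOUND;
}

/* Before: the guest-provided pirq indexes the table first. An invalid pirq
 * reads outside the array; the later check only discards the value read. */
int unmap_pirq_unchecked(struct guest_irqs *g, int pirq)
{
    int emuirq = g->pirq_to_emuirq[pirq];       /* use ... */
    if (pirq < 0 || pirq >= g->nr_pirqs)        /* ... before check */
        return -EINVAL;
    if (emuirq == IRQ_UNBOUND)
        return -ENOENT;
    g->pirq_to_emuirq[pirq] = IRQ_UNBOUND;
    return 0;
}

/* After: validate the range, then touch the table. */
int unmap_pirq_checked(struct guest_irqs *g, int pirq)
{
    if (pirq < 0 || pirq >= g->nr_pirqs)
        return -EINVAL;
    if (g->pirq_to_emuirq[pirq] == IRQ_UNBOUND)
        return -ENOENT;
    g->pirq_to_emuirq[pirq] = IRQ_UNBOUND;
    return 0;
}

int main(void)
{
    struct guest_irqs g;
    guest_irqs_init(&g);
    g.pirq_to_emuirq[3] = 7;                    /* constructed mapping */
    printf("valid: %d\n", unmap_pirq_checked(&g, 3));
    printf("out of range: %d\n", unmap_pirq_checked(&g, INT_MAX));
    return 0;
}
```

Both functions return the same error for an invalid pirq, which is why the flaw is limited to a crash: the difference is only whether the table is read before the value is rejected.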