CVE-2012-0217

Name	CVE-2012-0217
Description	The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2501-1, DSA-2508-1
Debian Bugs	677297, 677298, 677299

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
kfreebsd-10 (PTS)	jessie	10.1~svn274115-4	fixed
	stretch	10.3~svn300087-3	fixed
	buster	10.3~svn300087-5	fixed
xen (PTS)	jessie, jessie (lts)	4.4.4lts5-0+deb8u1	fixed
	stretch (security), stretch (lts), stretch	4.8.5.final+shim4.10.4-1+deb9u12	fixed
	buster (security), buster, buster (lts)	4.11.4+107-gef32c7afa2-1	fixed
	bullseye	4.14.6-1	fixed
	bullseye (security)	4.14.5+94-ge49571868d-1	fixed
	bookworm	4.17.3+10-g091466ba55-1~deb12u1	fixed
	sid, trixie	4.17.3+36-g54dacb5c02-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
kfreebsd-10	source	(unstable)	10.0~svn237137-1		677299
kfreebsd-8	source	squeeze	8.1+dfsg-8+squeeze3	DSA-2508-1
kfreebsd-8	source	(unstable)	8.3-4		677297
kfreebsd-9	source	(unstable)	9.0-4		677298
xen	source	squeeze	4.0.1-5.2	DSA-2501-1
xen	source	(unstable)	4.1.3~rc1+hg-20120614.a9c0a89c08f2-1

Notes

apparently this code is included in freebsd, xen, as well as
microsoft windows, which is also a part of this id assignment (and a
bit strangely the only os currently called out in the mitre description).
also affected the linux kernel, and was fixed 6 years earlier as CVE-2006-0744.