Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6033

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2012-6033
Last Modified 10 Oct 2013 11:47:46
Published 23 Nov 2012 03:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6033

Summary

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

Vulnerable Systems

Operating System

  • Xen 4.0.0

  • Xen 4.1.0

  • Xen 4.2.0


References

XF - xen-tmem-priv-esc(78268)

SECTRACK - 1027482

BID - 55410

MLIST - [oss-security] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

CONFIRM - http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities

SECUNIA - 50472

OSVDB - 85199

MLIST - [Xen-announce] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

GENTOO - GLSA-201309-24

SECUNIA - 55082


Last Updated: 27 May 2016 10:58:30