Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6036

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2012-6036
Last Modified 10 Oct 2013 11:47:46
Published 23 Nov 2012 03:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6036

Summary

The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

Vulnerable Systems

Operating System

  • Xen 4.0.0

  • Xen 4.1.0

  • Xen 4.2.0


References

XF - xen-tmem-priv-esc(78268)

SECTRACK - 1027482

BID - 55410

MLIST - [oss-security] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

CONFIRM - http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities

SECUNIA - 50472

OSVDB - 85199

MLIST - [Xen-announce] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

XF - xen-memcsavegetnextpage-code-exec(80326)

GENTOO - GLSA-201309-24

SECUNIA - 55082


Last Updated: 27 May 2016 10:58:30