Ubuntu CVE | Ubuntu.com | UB:CVE-2012-3497
History: Nov 23, 2012 - 12:00 a.m.

CVE-2012-3497


CVSS2: 6.9 Medium

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low
Percentile: 27.0%

(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3)
TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent
Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause
a denial of service (NULL pointer dereference or memory corruption and host
crash) or possibly have other unspecified impacts via a NULL client id.

Notes

Author: mdeslaur
Note:
This is XSA-15.
Only 4.0 and higher.
ONLY installations where “tmem” is specified on the hypervisor command line are vulnerable. Most Xen installations do not do so.
Upstream says: “TMEM has been described by its maintainers as a technology preview, and is therefore not supported by them for use in production systems. Pending a full security audit of the code, the Xen.org security team recommends that Xen users do not enable TMEM.”
We will not be fixing this in Ubuntu. Marking as “ignored”.
