6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
27.0%
(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3)
TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent
Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause
a denial of service (NULL pointer dereference or memory corruption and host
crash) or possibly have other unspecified impacts via a NULL client id.
Author | Note |
---|---|
mdeslaur | This is XSA-15 only 4.0 and higher ONLY installations where “tmem” is specified on the hypervisor command line are vulnerable. Most Xen installations do not do so. upstream says: “TMEM has been described by its maintainers as a technology preview, and is therefore not supported by them for use in production systems. Pending a full security audit of the code, the Xen.org security team recommends that Xen users do not enable TMEM.” We will not be fixing this in Ubuntu. Marking as “ignored” |