CVE-2012-6034

2012-11-2300:00:00

ubuntu.com

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

41.1%

JSON

The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions
and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent
Memory (TMEM) in Xen 4.0, 4.1, and 4.2 “do not check incoming guest output
buffer pointers,” which allows local guest OS users to cause a denial of
service (memory corruption and host crash) or execute arbitrary code via
unspecified vectors. NOTE: this issue was originally published as part of
CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into
this ID and others.

Notes

Author	Note
seth-arnold	Xen team strongly recommends against TMEM use
mdeslaur	only 4.0 and higher ONLY installations where “tmem” is specified on the hypervisor command line are vulnerable. Most Xen installations do not do so. upstream says: “TMEM has been described by its maintainers as a technology preview, and is therefore not supported by them for use in production systems. Pending a full security audit of the code, the Xen.org security team recommends that Xen users do not enable TMEM.” We will not be fixing this in Ubuntu. Marking as “ignored”

Author

Note

seth-arnold

Xen team strongly recommends against TMEM use

mdeslaur

only 4.0 and higher ONLY installations where “tmem” is specified on the hypervisor command line are vulnerable. Most Xen installations do not do so. upstream says: “TMEM has been described by its maintainers as a technology preview, and is therefore not supported by them for use in production systems. Pending a full security audit of the code, the Xen.org security team recommends that Xen users do not enable TMEM.” We will not be fixing this in Ubuntu. Marking as “ignored”