Vulnerability Description
The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 4.0.0 |
Related Weaknesses (CWE)
References
- http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.htmlVendor Advisory
- http://osvdb.org/85199
- http://secunia.com/advisories/50472Vendor Advisory
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_v
- http://www.openwall.com/lists/oss-security/2012/09/05/8
- http://www.securityfocus.com/bid/55410
- http://www.securitytracker.com/id?1027482
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78268
- https://security.gentoo.org/glsa/201604-03
- http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.htmlVendor Advisory
- http://osvdb.org/85199
- http://secunia.com/advisories/50472Vendor Advisory
- http://secunia.com/advisories/55082
FAQ
What is CVE-2012-6033?
CVE-2012-6033 is a vulnerability with a CVSS score of 4.4 (MEDIUM). The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via uns...
How severe is CVE-2012-6033?
CVE-2012-6033 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6033?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.