CVE-2012-6033

high

Description

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

References

https://security.gentoo.org/glsa/201604-03

https://exchange.xforce.ibmcloud.com/vulnerabilities/78268

http://www.securitytracker.com/id?1027482

http://www.securityfocus.com/bid/55410

http://www.openwall.com/lists/oss-security/2012/09/05/8

http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities

http://security.gentoo.org/glsa/glsa-201309-24.xml

http://secunia.com/advisories/55082

http://secunia.com/advisories/50472

http://osvdb.org/85199

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html

Details

Source: Mitre, NVD

Published: 2012-11-23

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High