CVE-2012-3497 — Improper Input Validation in XEN
Severity
7.2HIGHNVD
NVD6.9NVD4.9NVD4.7NVD4.4OSV6.9
EPSS
0.1%
top 71.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 23
Latest updateMay 17
Description
(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.
CVSS vector
AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0
Affected Packages3 packages
🔴Vulnerability Details
16GHSA▶
GHSA-vqpw-3pfq-73hh: The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memo↗2022-05-17
GHSA▶
GHSA-vx34-5jq7-vqc8: (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TM↗2022-05-17
GHSA▶
GHSA-p542-pm63-7qpp: The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4↗2022-05-17
GHSA
▶
GHSA▶
GHSA-7c3m-cjc4-58wg: Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4↗2022-05-17
📋Vendor Advisories
16Debian▶
CVE-2012-6031: xen - The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and ...↗2012
Debian▶
CVE-2012-6036: xen - The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restor...↗2012
Debian▶
CVE-2012-6032: xen - Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_c...↗2012
Debian▶
CVE-2012-6035: xen - The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, ...↗2012
Debian▶
CVE-2012-6030: xen - The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4...↗2012