CVE-2012-6033 — XEN vulnerability

6 documents6 sources

Severity

4.4MEDIUMNVD

OSV6.9

EPSS

0.1%

top 78.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedNov 23

Latest updateMay 17

Description

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.4-1 (bookworm)

▶Debianxen/xen< 4.1.4-1+3

▶NVDxen/xen4.0.0, 4.1.0, 4.2.0+2

🔴Vulnerability Details

GHSA

GHSA-p542-pm63-7qpp: The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4↗2022-05-17

▶

OSV

CVE-2012-6033: The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4↗2012-11-23

▶

📋Vendor Advisories

Debian

CVE-2012-6033: xen - The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, ...↗2012

▶

Red Hat

CVE-2012-6033: The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4↗

▶

💬Community

Bugzilla

CVE kernel non-issue statements↗2010-05-13

▶