CVE-2012-6034Improper Input Validation in XEN

CWE-20Improper Input Validation6 documents6 sources
Severity
4.4MEDIUMNVD
OSV6.9
EPSS
0.1%
top 67.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENDebian XEN
Timeline
PublishedNov 23
Latest updateMay 17

Description

The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has bee

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages3 packages

debiandebian/xen< xen 4.1.4-1 (bookworm)
Debianxen/xen< 4.1.4-1+3
NVDxen/xen4.0.0, 4.1.0, 4.2.0+2

🔴Vulnerability Details

2
GHSA
GHSA-vqpw-3pfq-73hh: The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memo2022-05-17
OSV
CVE-2012-6034: The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memo2012-11-23

📋Vendor Advisories

2
Debian
CVE-2012-6034: xen - The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and t...2012
Red Hat
CVE-2012-6034: The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memo

💬Community

1
Bugzilla
CVE kernel non-issue statements2010-05-13