CVE-2012-6036Out-of-bounds Write in XEN

6 documents6 sources
Severity
4.4MEDIUMNVD
OSV6.9
EPSS
0.1%
top 67.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENDebian XEN
Timeline
PublishedNov 23
Latest updateMay 17

Description

The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages3 packages

debiandebian/xen< xen 4.1.4-1 (bookworm)
Debianxen/xen< 4.1.4-1+3
NVDxen/xen4.0.0, 4.1.0, 4.2.0+2

🔴Vulnerability Details

2
GHSA
GHSA-4m7r-jfv6-r27r: The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 42022-05-17
OSV
CVE-2012-6036: The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 42012-11-23

📋Vendor Advisories

2
Debian
CVE-2012-6036: xen - The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restor...2012
Red Hat
CVE-2012-6036: The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4

💬Community

1
Bugzilla
CVE kernel non-issue statements2010-05-13