Vulnerability Name:

CVE-2012-6031 (CCN-78268)

Assigned:2012-09-05
Published:2012-09-05
Updated:2017-08-29
Summary:The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allows local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path."
Note: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:4.7 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C)
3.5 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
4.4 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2012-3497

Source: MITRE
Type: CNA
CVE-2012-6030

Source: MITRE
Type: CNA
CVE-2012-6031

Source: CCN
Type: Xen Security Advisory 15 (CVE-2012-3497)
multiple TMEM hypercall vulnerabilities

Source: MLIST
Type: UNKNOWN
[Xen-announce] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

Source: OSVDB
Type: UNKNOWN
85199

Source: CCN
Type: SA50472
Xen Multiple Denial of Service and Privilege Escalation Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
50472

Source: CCN
Type: SA50530
Citrix XenServer Denial of Service and Privilege Escalation Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
55082

Source: GENTOO
Type: UNKNOWN
GLSA-201309-24

Source: CCN
Type: CTX134708
Citrix XenServer Multiple Security Updates

Source: CONFIRM
Type: UNKNOWN
http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities

Source: MLIST
Type: UNKNOWN
[oss-security] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

Source: CCN
Type: OSVDB ID: 85199
Xen Transcendent Memory (TMEM) Hypercall Multiple Sub-operation Validation Weakness Local Privilege Escalation

Source: BID
Type: UNKNOWN
55410

Source: CCN
Type: BID-55410
Xen 'TMEM hypercall' Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1027482

Source: XF
Type: UNKNOWN
xen-tmem-priv-esc(78268)

Source: GENTOO
Type: UNKNOWN
GLSA-201604-03

Vulnerable Configuration:Configuration 1:
  • cpe:/o:xen:xen:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.2.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:xensource:xen:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:citrix:xenserver:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xenserver:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xenserver:5.6:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xenserver:6.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:com.ubuntu.precise:def:20126031000
    Class: V
    Title: CVE-2012-6031 on Ubuntu 12.04 LTS (precise) - low.
    Last Modified: 2012-11-23
    xen xen 4.0.0
    xen xen 4.1.0
    xen xen 4.2.0
    xensource xen 4.1.1
    xensource xen 4.1.2
    xensource xen 4.1
    citrix xenserver 5.5
    citrix xenserver 5.0
    citrix xenserver 5.6
    citrix xenserver 6.0