Vulnerability Name:

CVE-2012-6033 (CCN-80329)

Assigned:2012-09-05
Published:2012-09-05
Updated:2017-08-29
Summary:The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors.
Note: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.5 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2012-6033

Source: MLIST
Type: Vendor Advisory
[Xen-announce] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

Source: OSVDB
Type: UNKNOWN
85199

Source: CCN
Type: SA50472
Xen Multiple Denial of Service and Privilege Escalation Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
50472

Source: SECUNIA
Type: UNKNOWN
55082

Source: GENTOO
Type: UNKNOWN
GLSA-201309-24

Source: CONFIRM
Type: UNKNOWN
http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities

Source: MLIST
Type: UNKNOWN
[oss-security] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

Source: CCN
Type: OSVDB ID: 85199
Xen Transcendent Memory (TMEM) Hypercall Multiple Sub-operation Validation Weakness Local Privilege Escalation

Source: BID
Type: UNKNOWN
55410

Source: CCN
Type: BID-55410
Xen 'TMEM hypercall' Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1027482

Source: CCN
Type: XenSource Web site
Xen

Source: XF
Type: UNKNOWN
xen-tmem-priv-esc(78268)

Source: XF
Type: UNKNOWN
xen-dotmemcontrol-sec-bypass(80329)

Source: GENTOO
Type: UNKNOWN
GLSA-201604-03

Vulnerable Configuration:Configuration 1:
  • cpe:/o:xen:xen:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.2.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:xensource:xen:4.0.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:com.ubuntu.precise:def:20126033000 | V | CVE-2012-6033 on Ubuntu 12.04 LTS (precise) - low. | 2012-11-23
    xen xen 4.0.0
    xen xen 4.1.0
    xen xen 4.2.0
    xensource xen 4.0.0