Vulnerability Name:

CVE-2012-6036 (CCN-78268)

Assigned: 2012-09-05
Published: 2012-09-05
Updated: 2017-08-29
Summary: The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors.
Note: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.4 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2012-3497

Source: MITRE
Type: CNA
CVE-2012-6030

Source: MITRE
Type: CNA
CVE-2012-6031

Source: MITRE
Type: CNA
CVE-2012-6036

Source: CCN
Type: Xen Security Advisory 15 (CVE-2012-3497)
multiple TMEM hypercall vulnerabilities

Source: MLIST
Type: Vendor Advisory
[Xen-announce] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

Source: OSVDB
Type: UNKNOWN
85199

Source: CCN
Type: SA50472
Xen Multiple Denial of Service and Privilege Escalation Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
50472

Source: CCN
Type: SA50530
Citrix XenServer Denial of Service and Privilege Escalation Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
55082

Source: GENTOO
Type: UNKNOWN
GLSA-201309-24

Source: CCN
Type: CTX134708
Citrix XenServer Multiple Security Updates

Source: CONFIRM
Type: UNKNOWN
http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities

Source: MLIST
Type: UNKNOWN
[oss-security] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

Source: CCN
Type: OSVDB ID: 85199
Xen Transcendent Memory (TMEM) Hypercall Multiple Sub-operation Validation Weakness Local Privilege Escalation

Source: BID
Type: UNKNOWN
55410

Source: CCN
Type: BID-55410
Xen 'TMEM hypercall' Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1027482

Source: XF
Type: UNKNOWN
xen-tmem-priv-esc(78268)

Source: XF
Type: UNKNOWN
xen-memcsavegetnextpage-code-exec(80326)

Source: GENTOO
Type: UNKNOWN
GLSA-201604-03

Vulnerable Configuration: Configuration 1:
  • cpe:/o:xen:xen:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.2.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2012-6036 (CCN-80326)

    Assigned: 2012-09-05
    Published: 2012-09-05
    Updated: 2012-09-05
    Summary: Xen could allow a local attacker to execute arbitrary code on the system, caused by the failure to check for negative id pools by the memc_save_get_next_page, tmemc_restore_put_page and tmemc_restore_flush_page functions in the Transcendent Memory (TMEM). An attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the system or cause the host to crash.
    CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics: Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity: 4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
    3.5 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
    Exploitability Metrics: Access Vector (AV): Local
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics: Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
    3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
    Exploitability Metrics: Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics: Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences: Gain Access
    References:
    Source: MITRE
    Type: CNA
    CVE-2012-6036

    Source: CCN
    Type: SA50472
    Xen Multiple Denial of Service and Privilege Escalation Vulnerabilities

    Source: CCN
    Type: OSVDB ID: 85199
    Xen Transcendent Memory (TMEM) Hypercall Multiple Sub-operation Validation Weakness Local Privilege Escalation

    Source: CCN
    Type: BID-55410
    Xen 'TMEM hypercall' Multiple Security Vulnerabilities

    Source: CCN
    Type: XenSource Web site
    Xen

    Source: XF
    Type: UNKNOWN
    xen-memcsavegetnextpage-code-exec(80326)

    Vulnerable Configuration: Configuration CCN 1:
  • cpe:/a:xensource:xen:4.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:com.ubuntu.precise:def:20126036000 | V | CVE-2012-6036 on Ubuntu 12.04 LTS (precise) - low. | 2012-11-23
    xen xen 4.0.0
    xen xen 4.1.0
    xen xen 4.2.0
    xensource xen 4.0.0