CVE-2012-6032 - Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in t

CVE-2012-6032

Summary

Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

References

Vulnerable Configurations

cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 29-08-2017 - 01:32)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	55410
confirm	http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
gentoo	GLSA-201309-24 GLSA-201604-03
mlist	[Xen-announce] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities [oss-security] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities
osvdb	85199
sectrack	1027482
secunia	50472 55082
xf	xen-tmem-priv-esc(78268)

Last major update

29-08-2017 - 01:32

Published

23-11-2012 - 20:55

Last modified

29-08-2017 - 01:32