4.7

CVE-2012-6031

The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XenXen Version4.0.0
XenXen Version4.1.0
XenXen Version4.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.288
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 3.4 6.9
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
https://security.gentoo.org/glsa/201604-03
http://secunia.com/advisories/50472
Vendor Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
http://osvdb.org/85199
http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
http://www.openwall.com/lists/oss-security/2012/09/05/8
http://www.securityfocus.com/bid/55410
http://www.securitytracker.com/id?1027482
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268