CVE-2012-6031

EPSS 0.06%
Published 23.11.2012 20:55:04
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Xen ≫ Xen Version4.0.0

Xen ≫ Xen Version4.1.0

Xen ≫ Xen Version4.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.152

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.7	3.4	6.9	AV:L/AC:M/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/55082

http://security.gentoo.org/glsa/glsa-201309-24.xml

https://security.gentoo.org/glsa/201604-03

http://secunia.com/advisories/50472

Vendor Advisory

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html

http://osvdb.org/85199

http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities

http://www.openwall.com/lists/oss-security/2012/09/05/8

http://www.securityfocus.com/bid/55410

http://www.securitytracker.com/id?1027482

https://exchange.xforce.ibmcloud.com/vulnerabilities/78268

https://nvd.nist.gov/vuln/detail/CVE-2012-6031

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-6031

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-6031

EUVD