6.9
CVE-2012-6035
- EPSS 0.42%
- Veröffentlicht 23.11.2012 20:55:04
- Zuletzt bearbeitet 16.06.2026 23:47:41
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.334 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
https://security.gentoo.org/glsa/201604-03
http://secunia.com/advisories/50472
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
http://osvdb.org/85199
http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
http://www.openwall.com/lists/oss-security/2012/09/05/8
http://www.securityfocus.com/bid/55410
http://www.securitytracker.com/id?1027482
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268