6.9

CVE-2012-6035

The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors.  NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XenXen Version4.0.0
XenXen Version4.1.0
XenXen Version4.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.334
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
https://security.gentoo.org/glsa/201604-03
http://secunia.com/advisories/50472
Vendor Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
http://osvdb.org/85199
http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/09/05/8
http://www.securityfocus.com/bid/55410
http://www.securitytracker.com/id?1027482
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268