CVE-2012-6030 : The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4

The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

Published 2012-11-23 20:55:04

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2012-6030

XEN » XEN » Version: 4.0.0
cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.1.0
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.2.0
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-6030

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-6030

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-6030

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-6030

http://security.gentoo.org/glsa/glsa-201309-24.xml

Xen: Multiple vulnerabilities (GLSA 201309-24) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/55410

Xen 'TMEM hypercall' Multiple Security Vulnerabilities

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268

Xen TMEM privilege escalation CVE-2012-6036 Vulnerability Report

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/09/05/8

oss-security - Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

CVEs referencing this url
http://www.securitytracker.com/id?1027482

Xen Transcendent Memory (TMEM) Multiple Flaws Lets Local Users on the Guest Operating System Gain Elevated Privileges on the Host - SecurityTracker

CVEs referencing this url
https://security.gentoo.org/glsa/201604-03

Xen: Multiple vulnerabilities (GLSA 201604-03) — Gentoo security

CVEs referencing this url
http://osvdb.org/85199

CVEs referencing this url
http://secunia.com/advisories/50472

Sign in
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/55082

Sign in

CVEs referencing this url
http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities

Security Announcements (Historical) - Xen

CVEs referencing this url
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html

Xen project Mailing List
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-6030

Products affected by CVE-2012-6030

Exploit prediction scoring system (EPSS) score for CVE-2012-6030

CVSS scores for CVE-2012-6030

CWE ids for CVE-2012-6030

References for CVE-2012-6030