CVE-2012-6033 : The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1,

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

Published 2012-11-23 20:55:04

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2012-6033

XEN » XEN » Version: 4.0.0
cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.1.0
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.2.0
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-6033

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-6033

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2012-6033

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-6033

http://security.gentoo.org/glsa/glsa-201309-24.xml

Xen: Multiple vulnerabilities (GLSA 201309-24) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/55410

Xen 'TMEM hypercall' Multiple Security Vulnerabilities

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268

Xen TMEM privilege escalation CVE-2012-6036 Vulnerability Report

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/09/05/8

oss-security - Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities

CVEs referencing this url
http://www.securitytracker.com/id?1027482

Xen Transcendent Memory (TMEM) Multiple Flaws Lets Local Users on the Guest Operating System Gain Elevated Privileges on the Host - SecurityTracker

CVEs referencing this url
https://security.gentoo.org/glsa/201604-03

Xen: Multiple vulnerabilities (GLSA 201604-03) — Gentoo security

CVEs referencing this url
http://osvdb.org/85199

CVEs referencing this url
http://secunia.com/advisories/50472

Sign in
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/55082

Sign in

CVEs referencing this url
http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities

Security Announcements (Historical) - Xen

CVEs referencing this url
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html

Xen project Mailing List
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-6033

Products affected by CVE-2012-6033

Exploit prediction scoring system (EPSS) score for CVE-2012-6033

CVSS scores for CVE-2012-6033

CWE ids for CVE-2012-6033

References for CVE-2012-6033