CVE-2012-6031

The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:45

Type Values Removed Values Added
References () http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html - () http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html -
References () http://osvdb.org/85199 - () http://osvdb.org/85199 -
References () http://secunia.com/advisories/50472 - Vendor Advisory () http://secunia.com/advisories/50472 - Vendor Advisory
References () http://secunia.com/advisories/55082 - () http://secunia.com/advisories/55082 -
References () http://security.gentoo.org/glsa/glsa-201309-24.xml - () http://security.gentoo.org/glsa/glsa-201309-24.xml -
References () http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities - () http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities -
References () http://www.openwall.com/lists/oss-security/2012/09/05/8 - () http://www.openwall.com/lists/oss-security/2012/09/05/8 -
References () http://www.securityfocus.com/bid/55410 - () http://www.securityfocus.com/bid/55410 -
References () http://www.securitytracker.com/id?1027482 - () http://www.securitytracker.com/id?1027482 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/78268 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/78268 -
References () https://security.gentoo.org/glsa/201604-03 - () https://security.gentoo.org/glsa/201604-03 -

Information

Published : 2012-11-23 20:55

Updated : 2024-11-21 01:45


NVD link : CVE-2012-6031

Mitre link : CVE-2012-6031

CVE.ORG link : CVE-2012-6031


JSON object : View

Products Affected

xen

  • xen
CWE
CWE-20

Improper Input Validation