CVE-2012-3497

Published: 23 November 2012

(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.

Notes

This is XSA-15
only 4.0 and higher
ONLY installations where "tmem" is specified on the hypervisor command
line are vulnerable.  Most Xen installations do not do so.
upstream says: "TMEM has been described by its maintainers as a
technology preview, and is therefore not supported by them for
use in production systems. Pending a full security audit of the
code, the Xen.org security team recommends that Xen users do not
enable TMEM."
We will not be fixing this in Ubuntu. Marking as "ignored"

Status

References

• http://www.openwall.com/lists/oss-security/2012/09/05/8
• http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
• https://www.cve.org/CVERecord?id=CVE-2012-3497
• NVD
• Launchpad
• Debian

Bugs

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764