Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2012-6030

Published: 23 November 2012

The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

Notes

AuthorNote
seth-arnold
Xen team strongly recommends against TMEM use
mdeslaur
only 4.0 and higher
ONLY installations where "tmem" is specified on the hypervisor command
line are vulnerable.  Most Xen installations do not do so.
upstream says: "TMEM has been described by its maintainers as a
technology preview, and is therefore not supported by them for
use in production systems. Pending a full security audit of the
code, the Xen.org security team recommends that Xen users do not
enable TMEM."
We will not be fixing this in Ubuntu. Marking as "ignored"

Priority

Low

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric Ignored

precise Ignored

quantal Ignored

upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.1
Launchpad, Ubuntu, Debian
hardy Not vulnerable

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.2
Launchpad, Ubuntu, Debian
hardy Not vulnerable

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

natty Ignored
(end of life)
oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.