CVE-2012-6030
Publication date 23 November 2012
Last updated 24 July 2024
Ubuntu priority
The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Status
Package | Ubuntu Release | Status |
---|---|---|
xen | ||
xen-3.1 | ||
xen-3.2 | ||
xen-3.3 | ||
Notes
seth-arnold
Xen team strongly recommends against TMEM use
mdeslaur
only 4.0 and higher ONLY installations where "tmem" is specified on the hypervisor command line are vulnerable. Most Xen installations do not do so. upstream says: "TMEM has been described by its maintainers as a technology preview, and is therefore not supported by them for use in production systems. Pending a full security audit of the code, the Xen.org security team recommends that Xen users do not enable TMEM." We will not be fixing this in Ubuntu. Marking as "ignored"
References
Other references
- http://xforce.iss.net/xforce/xfdb/78268
- http://www.securitytracker.com/id?1027482
- http://www.openwall.com/lists/oss-security/2012/09/05/8
- http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
- http://secunia.com/advisories/50472
- http://osvdb.org/85199
- http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
- https://www.cve.org/CVERecord?id=CVE-2012-6030