CVE-2012-6033

Published: 23 November 2012

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

Priority

Low

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.1
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.2
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
seth-arnold 
Xen team strongly recommends against TMEM use
mdeslaur 
only 4.0 and higher
ONLY installations where "tmem" is specified on the hypervisor command
line are vulnerable.  Most Xen installations do not do so.
upstream says: "TMEM has been described by its maintainers as a
technology preview, and is therefore not supported by them for
use in production systems. Pending a full security audit of the
code, the Xen.org security team recommends that Xen users do not
enable TMEM."
We will not be fixing this in Ubuntu. Marking as "ignored"

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading