CVE-2012-6033
Xen 4.0-4.2 - Unauthenticated Privilege Escalation via TMEM Control Stack Operations
Title source: llmDescription
The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
References (11)
Core 11
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55082
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027482
Third Party Advisory x_refsource_confirm
http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201309-24.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/55410
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/09/05/8
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/85199
Vendor Advisory mailing-list
x_refsource_mlist
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50472
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201604-03
Scores
EPSS
0.0007
EPSS Percentile
21.5%
Details
CWE
CWE-264
Status
published
Products (3)
xen/xen
4.0.0
xen/xen
4.1.0
xen/xen
4.2.0
Published
Nov 23, 2012
Tracked Since
Feb 18, 2026