CVE-2012-6033 Information

Description

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0 4.1 and 4.2 does not properly check privileges which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497 which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

Reference

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html http://osvdb.org/85199 http://secunia.com/advisories/50472 http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://wiki.xen.org/wiki/Security_AnnouncementsXSA-15_multiple_TMEM_hypercall_vulnerabilities http://www.openwall.com/lists/oss-security/2012/09/05/8 http://www.securityfocus.com/bid/55410 http://www.securitytracker.com/id?1027482 https://exchange.xforce.ibmcloud.com/vulnerabilities/78268 https://security.gentoo.org/glsa/201604-03