CVE-2012-6036 | Vulnerability Database | Aqua Security

The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

Affected Software

Name	Vendor	Start Version	End Version
Xen	Xen	4.0.0 (including)	4.0.0 (including)
Xen	Xen	4.1.0 (including)	4.1.0 (including)
Xen	Xen	4.2.0 (including)	4.2.0 (including)
Xen	Ubuntu	devel	*
Xen	Ubuntu	oneiric	*
Xen	Ubuntu	precise	*
Xen	Ubuntu	quantal	*
Xen-3.3	Ubuntu	natty	*

References

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
http://osvdb.org/85199
http://secunia.com/advisories/50472
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
http://www.openwall.com/lists/oss-security/2012/09/05/8
http://www.securityfocus.com/bid/55410
http://www.securitytracker.com/id?1027482
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268
https://exchange.xforce.ibmcloud.com/vulnerabilities/80326
https://security.gentoo.org/glsa/201604-03

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-6036
CWE	https://cwe.mitre.org/data/definitions/264.html