Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2012-3497

Disclosure Date: November 23, 2012
CVE-2012-3497
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • xen

Products

  • xen 4.0.0,
  • xen 4.1.0,
  • xen 4.2.0

References

Canonical
CVE-2012-3497 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497)
BID-55410 (http://www.securityfocus.com/bid/55410)
Advisory
SECUNIA-55082 (http://secunia.com/advisories/55082)
SECTRACK-1027482 (http://www.securitytracker.com/id?1027482)
http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
SECUNIA-51413 (http://secunia.com/advisories/51413)
GLSA-201309-24 (http://security.gentoo.org/glsa/glsa-201309-24.xml)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
[oss-security] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities (http://www.openwall.com/lists/oss-security/2012/09/05/8)
XF-xen-tmem-priv-esc(78268) (https://exchange.xforce.ibmcloud.com/vulnerabilities/78268)
OSVDB-85199 (http://osvdb.org/85199)
[Xen-announce] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities (http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
SECUNIA-50472 (http://secunia.com/advisories/50472)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SECUNIA-51352 (http://secunia.com/advisories/51352)
SECUNIA-51324 (http://secunia.com/advisories/51324)
GLSA-201604-03 (https://security.gentoo.org/glsa/201604-03)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis