CVE-2012-6034

Name of the Vulnerable Software and Affected Versions Xen versions 4.0 through 4.2

Description The issue concerns the Transcendent Memory (TMEM) in Xen, specifically the tmemc save get next page and tmemc save get next inv functions, as well as the TMEMC SAVE GET POOL UUID sub-operation. These components do not check incoming guest output buffer pointers, allowing local guest OS users to cause a denial of service, resulting in memory corruption and host crash, or execute arbitrary code via unspecified vectors.

Recommendations For Xen versions 4.0 through 4.2, consider disabling the tmemc save get next page and tmemc save get next inv functions, as well as restricting the use of the TMEMC SAVE GET POOL UUID sub-operation, until a patch is available.