CVE-2012-6036

Name of the Vulnerable Software and Affected Versions Xen versions 4.0 through 4.2

Description The issue concerns the Transcendent Memory (TMEM) in Xen, where certain functions do not check for negative id pools. This allows local guest OS users to cause a denial of service, resulting in memory corruption and host crash, or possibly execute arbitrary code.

Recommendations For Xen versions 4.0 through 4.2, consider disabling the memc save get next page, tmemc restore put page, and tmemc restore flush page functions as a temporary workaround until a patch is available. Restrict access to the TMEM component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.