CVE-2012-4544

medium

Description

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/79617

http://www.securitytracker.com/id?1027699

http://www.securityfocus.com/bid/56289

http://www.openwall.com/lists/oss-security/2012/10/26/3

http://www.debian.org/security/2013/dsa-2636

http://secunia.com/advisories/51413

http://secunia.com/advisories/51352

http://secunia.com/advisories/51324

http://secunia.com/advisories/51071

http://rhn.redhat.com/errata/RHSA-2013-0241.html

http://osvdb.org/86619

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html

Details

Source: Mitre, NVD

Published: 2012-10-31

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium