Vulnerability Description
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Xen | 3.2.0 |
Related Weaknesses (CWE)
References
- http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html (Patch, Vendor Advisory)
- http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html (Patch)
- http://rhn.redhat.com/errata/RHSA-2011-0496.html
FAQ
What is CVE-2011-1583?
CVE-2011-1583 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirt...
How severe is CVE-2011-1583?
CVE-2011-1583 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1583?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Xen.