Vulnerability Description
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | <= 4.2.0 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.h
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.h
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.h
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
- http://osvdb.org/86619
- http://rhn.redhat.com/errata/RHSA-2013-0241.html
- http://secunia.com/advisories/51071Vendor Advisory
- http://secunia.com/advisories/51324
- http://secunia.com/advisories/51352
FAQ
What is CVE-2012-4544?
CVE-2012-4544 is a vulnerability with a CVSS score of 2.1 (LOW). The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of ser...
How severe is CVE-2012-4544?
CVE-2012-4544 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4544?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.