CVE

CVE-2012-4544
Date: (C)2012-11-01   (M)2023-12-22


The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1027699
SECUNIA-51071
SECUNIA-51324
SECUNIA-51352
SECUNIA-51413
BID-56289
OSVDB-86619
DSA-2636
FEDORA-2012-17135
FEDORA-2012-17204
FEDORA-2012-17408
RHSA-2013:0241
SUSE-SU-2012:1486
SUSE-SU-2012:1487
SUSE-SU-2014:0411
SUSE-SU-2014:0446
SUSE-SU-2014:0470
http://www.openwall.com/lists/oss-security/2012/10/26/3
openSUSE-SU-2012:1572
openSUSE-SU-2012:1573
xen-pvdomainbuilder-dos(79617)

CPE    4
cpe:/o:xen:xen:4.1.0
cpe:/o:xen:xen:4.1.3
cpe:/o:xen:xen:4.1.2
cpe:/o:xen:xen:4.1.1
...
CWE    1
CWE-20
OVAL    25
oval:org.secpod.oval:def:600978
oval:org.secpod.oval:def:400449
oval:org.secpod.oval:def:400448
oval:org.secpod.oval:def:1500088
...

© SecPod Technologies