Lucene search

PRIOn knowledge basePRION:CVE-2011-1583

HistoryAug 12, 2011 - 6:55 p.m.

Integer overflow

2011-08-1218:55:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.

CPENameOperatorVersion
xeneq3.2.0
xeneq3.3.0
xeneq4.1.0
xeneq4.0.0

Name	Operator	Version
xen	eq	3.2.0
xen	eq	3.3.0
xen	eq	4.1.0
xen	eq	4.0.0

References

lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html

lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html

rhn.redhat.com/errata/RHSA-2011-0496.html

8.1 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2011-1583