CVSS2: 2.7 Low

Metric | Value |
---|---|
Access Vector | ADJACENT_NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.001 Low (Percentile: 26.8%)

The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A flaw was found in the way the pyGrub boot loader handled compressed
kernel images. A privileged guest user in a para-virtualized guest (a DomU)
could use this flaw to create a crafted kernel image that, when attempting
to boot it, could result in an out-of-memory condition in the privileged
domain (the Dom0). (CVE-2012-2625)

Red Hat would like to thank Xinli Niu for reporting this issue.

All users of xen are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the xend service must be restarted for this update to
take effect.
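
The flaw class described above is unbounded decompression of guest-controlled data inside the privileged domain. The following Python example is added here for illustration and is not the Xen patch or code from this advisory; it shows the defensive pattern of decompressing in fixed-size chunks and refusing output beyond a cap. The gzip framing, the 64 MiB cap and the names `copy_kernel_bounded` and `KernelTooLarge` are assumptions.

```python
import gzip
import io
import zlib

MAX_KERNEL_BYTES = 64 * 1024 * 1024  # assumed cap, not a value from the Xen patch
CHUNK = 64 * 1024


class KernelTooLarge(Exception):
    """Decompressed image would exceed the configured cap."""


def copy_kernel_bounded(src, dst, limit=MAX_KERNEL_BYTES):
    """Stream a gzip-compressed guest image from src to dst, capped at limit.

    Output is produced CHUNK bytes at a time, so host memory use is fixed
    regardless of how far the image expands. Returns the bytes written.
    """
    decomp = zlib.decompressobj(zlib.MAX_WBITS | 16)  # 16 selects gzip framing
    written = 0

    def emit(out):
        nonlocal written
        written += len(out)
        if written > limit:
            raise KernelTooLarge("decompressed image exceeds %d bytes" % limit)
        dst.write(out)

    while not decomp.eof:
        buf = src.read(CHUNK)
        if not buf:
            break
        while buf and not decomp.eof:
            # max_length bounds each call's output; input not yet consumed
            # is returned in unconsumed_tail and fed back in.
            emit(decomp.decompress(buf, CHUNK))
            buf = decomp.unconsumed_tail
    emit(decomp.flush())
    if not decomp.eof:
        raise ValueError("truncated or corrupt compressed image")
    return written


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zeros compresses to a few KiB.
    blob = gzip.compress(b"\0" * (8 * 1024 * 1024))
    try:
        copy_kernel_bounded(io.BytesIO(blob), io.BytesIO(), limit=1024 * 1024)
    except KernelTooLarge as exc:
        print("rejected:", exc)
```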

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | x86_64 | xen-devel | < 3.0.3-135.el5_8.4 | xen-devel-3.0.3-135.el5_8.4.x86_64.rpm |
RedHat | 5 | src | xen | < 3.0.3-135.el5_8.4 | xen-3.0.3-135.el5_8.4.src.rpm |
RedHat | 5 | x86_64 | xen-debuginfo | < 3.0.3-135.el5_8.4 | xen-debuginfo-3.0.3-135.el5_8.4.x86_64.rpm |
RedHat | 5 | x86_64 | xen | < 3.0.3-135.el5_8.4 | xen-3.0.3-135.el5_8.4.x86_64.rpm |
RedHat | 5 | i386 | xen-libs | < 3.0.3-135.el5_8.4 | xen-libs-3.0.3-135.el5_8.4.i386.rpm |
RedHat | 5 | i386 | xen-debuginfo | < 3.0.3-135.el5_8.4 | xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm |
RedHat | 5 | ia64 | xen | < 3.0.3-135.el5_8.4 | xen-3.0.3-135.el5_8.4.ia64.rpm |
RedHat | 5 | ia64 | xen-libs | < 3.0.3-135.el5_8.4 | xen-libs-3.0.3-135.el5_8.4.ia64.rpm |
RedHat | 5 | ia64 | xen-debuginfo | < 3.0.3-135.el5_8.4 | xen-debuginfo-3.0.3-135.el5_8.4.ia64.rpm |
RedHat | 5 | x86_64 | xen-libs | < 3.0.3-135.el5_8.4 | xen-libs-3.0.3-135.el5_8.4.x86_64.rpm |