MiracleLinux 3 : xen-3.0.3-142.1.0.1.AXS3 (AXSA:2013-127:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-127:02 advisory. This package contains the Xen tools and management daemons needed to run virtual machines on x86, x8664, and ia64 systems. Information on how to use Xen can b...

xen: Xen domain builder Out-of-memory due to malicious kernel/ramdisk

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk 1 before or 2 after decompression, which allows local guest administrators to cause a denial of service domain 0 memory consumption via a crafted a kernel or b ramdisk...

Xen domain builder Out-of-memory due to malicious kernel/ramdisk

ISSUE DESCRIPTION The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM in the domain running the domain builder. CVE-2012-4544 Additionally, under similar...

DEBIAN-CVE-2012-4544

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk 1 before or 2 after decompression, which allows local guest administrators to cause a denial of service domain 0 memory consumption via a crafted a kernel or b ramdisk...

CVE-2012-4544

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk 1 before or 2 after decompression, which allows local guest administrators to cause a denial of service domain 0 memory consumption via a crafted a kernel or b ramdisk...

Design/Logic Flaw

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk 1 before or 2 after decompression, which allows local guest administrators to cause a denial of service domain 0 memory consumption via a crafted a kernel or b ramdisk...

CVE-2012-4544

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk 1 before or 2 after decompression, which allows local guest administrators to cause a denial of service domain 0 memory consumption via a crafted a kernel or b ramdisk...

CVE-2012-4544

CVE-2012-4544 affects the Xen PV domain builder in Xen 4.2 and earlier. The vulnerability stems from not validating the size of the kernel or ramdisk (before or after decompression), enabling a local guest administrator to cause a denial of service by exhausting domain 0 memory with a crafted ker...

CVE-2012-4544

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk 1 before or 2 after decompression, which allows local guest administrators to cause a denial of service domain 0 memory consumption via a crafted a kernel or b ramdisk...