SUSE CVE-2012-4544

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk 1 before or 2 after decompression, which allows local guest administrators to cause a denial of service domain 0 memory consumption via a crafted a kernel or b ramdisk...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-4034-Rust Linux LPE using polkit-1 written in Rust...

CVE-2021-33887

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...

CVE-2021-33887

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...

Peloton TTR01 数据伪造问题漏洞

The Peloton TTR01 is a wireless device. A data forgery vulnerability exists in the Peloton TTR01, which arises from insufficient validation of data authenticity and can be exploited by an attacker with physical access to boot into a modified kernel ramdisk without unlocking the bootloader.The...

grub2: Integer overflow in initrd size handling

Integer overflows were discovered in the functions grubcmdinitrd and grubinitrdinit in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu the functionality is not included in GRUB2 upstream, leading to a heap-based buffer overflow. These could be triggered by an extremely...

grub2: Integer overflow in initrd size handling

Integer overflows were discovered in the functions grubcmdinitrd and grubinitrdinit in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu the functionality is not included in GRUB2 upstream, leading to a heap-based buffer overflow. These could be triggered by an extremely...

openSUSE Security Update : dracut (openSUSE-2017-347)

This update for dracut fixes the following issues : Security issues fixed : - CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. bsc10083...

UBUNTU-CVE-2015-8341

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service memory and disk consumption by starting domains...

CVE-2014-4027

The rdbuilddevicespace function in drivers/target/targetcorerd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdiskmcp memory by leveraging access to a SCSI initiator...

DEBIAN-CVE-2014-4027

The rdbuilddevicespace function in drivers/target/targetcorerd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdiskmcp memory by leveraging access to a SCSI initiator...

UBUNTU-CVE-2014-4027

The rdbuilddevicespace function in drivers/target/targetcorerd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdiskmcp memory by leveraging access to a SCSI initiator...

[Tor-ramdisk] Micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM

Tor-ramdisk is a uClibc-based micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM. For those not familiar with Tor, it is a system which allows the user to construct encrypted virtual tunnels which are randomly relayed between Tor servers nodes until the...

Oracle Linux 5 : xen (ELSA-2013-0241)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0241 advisory. 3.0.3-142.el59.1 - libxc: move error checking next to the function which returned the error rhbz 876997 - libxc: builder: limit maximum size of kernel/ramdisk...

DSA-2636-1 xen - several

Bulletin has no description...

xen security update

CentOS Errata and Security Advisory CESA-2013:0241 Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score,...

xen: Xen domain builder Out-of-memory due to malicious kernel/ramdisk

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk 1 before or 2 after decompression, which allows local guest administrators to cause a denial of service domain 0 memory consumption via a crafted a kernel or b ramdisk...

xen security update

3.0.3-142.el59.1 - libxc: move error checking next to the function which returned the error rhbz 876997 - libxc: builder: limit maximum size of kernel/ramdisk rhbz 876997...

Xen domain builder Out-of-memory due to malicious kernel/ramdisk

ISSUE DESCRIPTION The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM in the domain running the domain builder. CVE-2012-4544 Additionally, under similar...

CVE-2012-4544

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk 1 before or 2 after decompression, which allows local guest administrators to cause a denial of service domain 0 memory consumption via a crafted a kernel or b ramdisk...