Lucene search

K

Ubuntu.comUB:CVE-2011-1583

HistoryAug 12, 2011 - 12:00 a.m.

CVE-2011-1583

2011-08-1200:00:00

ubuntu.com

ubuntu.com

11

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen
3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and
possibly execute arbitrary code via a crafted paravirtualised guest kernel
image that triggers (1) a buffer overflow during a decompression loop or
(2) an out-of-bounds read in the loader involving unspecified length
fields.

Notes

Author	Note
kees	for full-virtualization issues, add qemu (and kvm)

References

lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html

launchpad.net/bugs/cve/CVE-2011-1583

nvd.nist.gov/vuln/detail/CVE-2011-1583

security-tracker.debian.org/tracker/CVE-2011-1583

www.cve.org/CVERecord?id=CVE-2011-1583

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

Related for UB:CVE-2011-1583

openvas23 veracode1 fedora8 nessus12 prion1 cve1 altlinux1 debiancve1 redhat1 oraclelinux1 centos1 securityvulns1 debian1 osv1