CVE-2012-4544

2012-10-3100:00:00

ubuntu.com

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

27.1%

JSON

The PV domain builder in Xen 4.2 and earlier does not validate the size of
the kernel or ramdisk (1) before or (2) after decompression, which allows
local guest administrators to cause a denial of service (domain 0 memory
consumption) via a crafted (a) kernel or (b) ramdisk.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688125>

Notes

Author	Note
kees	for full-virtualization issues, add qemu (and kvm)

OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchxen< 4.1.1-2ubuntu4.3UNKNOWN
ubuntu12.04noarchxen< 4.1.2-2ubuntu2.3UNKNOWN
ubuntu12.10noarchxen< 4.1.3-3ubuntu1.1UNKNOWN
ubuntu13.04noarchxen< 4.2.0-1ubuntu2UNKNOWN
ubuntu13.10noarchxen< 4.2.0-1ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	11.10	noarch	xen	< 4.1.1-2ubuntu4.3	UNKNOWN
ubuntu	12.04	noarch	xen	< 4.1.2-2ubuntu2.3	UNKNOWN
ubuntu	12.10	noarch	xen	< 4.1.3-3ubuntu1.1	UNKNOWN
ubuntu	13.04	noarch	xen	< 4.2.0-1ubuntu2	UNKNOWN
ubuntu	13.10	noarch	xen	< 4.2.0-1ubuntu2	UNKNOWN