CVE 2012-4544
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
Related bugs and status
CVE-2012-4544 (Candidate) is related to these bugs:
Bug #1086801: xen: security advisories 20-25
Bug | Summary | In | Importance | Status
---|---|---|---|---
1086801 | xen: security advisories 20-25 | xen (Ubuntu) | Medium | Fix Released
1086801 | xen: security advisories 20-25 | xen (Ubuntu Raring) | Medium | Fix Released
1086801 | xen: security advisories 20-25 | xen (Ubuntu Quantal) | Medium | Fix Released
1086801 | xen: security advisories 20-25 | xen (Ubuntu Precise) | Medium | Fix Released
1086801 | xen: security advisories 20-25 | xen (Ubuntu Oneiric) | Medium | Fix Released
Bug #1086875: xen: security advisories 26-32
Bug | Summary | In | Importance | Status
---|---|---|---|---
1086875 | xen: security advisories 26-32 | xen (Ubuntu) | Medium | Fix Released
1086875 | xen: security advisories 26-32 | xen (Ubuntu Raring) | Medium | Fix Released
1086875 | xen: security advisories 26-32 | xen (Ubuntu Quantal) | Medium | Fix Released
1086875 | xen: security advisories 26-32 | xen (Ubuntu Precise) | Medium | Fix Released
1086875 | xen: security advisories 26-32 | xen (Ubuntu Oneiric) | Medium | Fix Released
Bug #1176209: Import problem caused by duplicate message ID
Bug | Summary | In | Importance | Status
---|---|---|---|---
1176209 | Import problem caused by duplicate message ID | xen (Ubuntu) | Low | Invalid
1176209 | Import problem caused by duplicate message ID | xen (Ubuntu Precise) | Low | Fix Released
1176209 | Import problem caused by duplicate message ID | xen (Ubuntu Quantal) | Low | Fix Released
Bug #1180396: Xen stable update to 4.1.5
Bug | Summary | In | Importance | Status
---|---|---|---|---
1180396 | Xen stable update to 4.1.5 | xen (Ubuntu) | Low | Invalid
1180396 | Xen stable update to 4.1.5 | xen (Ubuntu Precise) | Medium | Fix Released
1180396 | Xen stable update to 4.1.5 | xen (Ubuntu Quantal) | Medium | Fix Released
See the CVE page on Mitre.org for more details.