CVE-2011-1583

Name of the Vulnerable Software and Affected Versions Xen versions 3.2 through 4.1

Description The issue is caused by multiple integer overflows in the xc dom bzimageloader.c file, allowing local users to potentially execute arbitrary code or cause a denial of service. This can be achieved by using a crafted paravirtualised guest kernel image that triggers either a buffer overflow during decompression or an out-of-bounds read in the loader.

Recommendations For Xen versions 3.2 through 4.1, update to a version that includes the fix for the integer overflows in xc dom bzimageloader.c. As a temporary workaround, consider restricting the use of paravirtualised guest kernel images to minimize the risk of exploitation.