PT-2012-5473 · Xen+2 · Xen+2

Publicado

2012-10-31

Atualizado

2024-06-15

CVE-2012-4544

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Xen versions 4.2 and earlier

Description The issue allows local guest administrators to cause a denial of service by consuming domain 0 memory via a crafted kernel or ramdisk, due to the lack of validation of the size of the kernel or ramdisk before or after decompression.

Recommendations For Xen versions 4.2 and earlier, consider implementing size validation for kernels and ramdisks to prevent excessive memory consumption. As a temporary workaround, restrict the ability of local guest administrators to load custom kernels or ramdisks until a proper fix is applied.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2012-4544

DSA-2636-1

OPENSUSE-SU-2012_1572-1

OPENSUSE-SU-2012_1573-1

OPENSUSE-SU-2024:10196-1

RHSA-2013:0241

RHSA-2013_0241

SUSE-SU-2014_0411-1

Produtos afetados

Red Hat

Suse

Xen

PT-2012-5473 · Xen+2 · Xen+2

CVE-2012-4544

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 219