PT-2011-3237 · Xen+1 · Xen+1
Ian Jackson
·
Published
2011-05-09
·
Updated
2011-08-24
·
CVE-2011-1583
CVSS v2.0
6.9
Medium
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Xen versions 3.2 through 4.1
Description
The issue is caused by multiple integer overflows in the
xc dom bzimageloader.c file, allowing local users to potentially execute arbitrary code or cause a denial of service. This can be achieved by using a crafted paravirtualised guest kernel image that triggers either a buffer overflow during decompression or an out-of-bounds read in the loader.Recommendations
For Xen versions 3.2 through 4.1, update to a version that includes the fix for the integer overflows in
xc dom bzimageloader.c. As a temporary workaround, consider restricting the use of paravirtualised guest kernel images to minimize the risk of exploitation.Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Xen