PT-2012-4139 · Xen+2

Published 2012-07-31 · Updated 2024-06-15 · CVE-2012-2625

CVSS v2.0: 2.7 (Low)

Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Xen unstable before changeset 25589:60f09d1ab1fe
Xen versions 4.2.x
Xen versions 4.1.x

Description

The issue allows local para-virtualized guest users to cause a denial of service (memory consumption) by supplying a large compressed kernel image. The image can be compressed with either bzip2 or lzma.

Recommendations

For Xen unstable before changeset 25589:60f09d1ab1fe, update to a version after changeset 25589:60f09d1ab1fe to resolve the issue.
For Xen versions 4.2.x and 4.1.x, consider updating to a newer version that includes the fix for this issue.
As a temporary workaround, consider restricting the size of compressed kernel images to prevent excessive memory consumption.
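
The workaround above limits the compressed size, but memory consumption is driven by the inflated size. As an added example (not Xen's code or its fix), this Python check stream-decompresses a bzip2/xz/lzma image and rejects it once the output passes a limit. The limits, the function names and the assumption that the image is a bare compressed stream are illustrative.

```python
import bz2
import lzma

# Hypothetical limits for illustration; size them to the kernels you actually boot.
MAX_COMPRESSED = 64 * 1024 * 1024
MAX_DECOMPRESSED = 256 * 1024 * 1024
CHUNK = 64 * 1024  # output is inflated and discarded this many bytes at a time


def _decompressor(head: bytes):
    """Choose a streaming decompressor from the magic bytes (None if no match)."""
    if head.startswith(b"BZh"):
        return bz2.BZ2Decompressor()
    if head.startswith(b"\xfd7zXZ\x00"):
        return lzma.LZMADecompressor(format=lzma.FORMAT_XZ)
    if head.startswith(b"\x5d\x00\x00"):  # common legacy .lzma header
        return lzma.LZMADecompressor(format=lzma.FORMAT_ALONE)
    return None


def inflated_size(blob: bytes, max_out: int = MAX_DECOMPRESSED) -> int:
    """Return the decompressed size of blob; raise ValueError past either limit."""
    if len(blob) > MAX_COMPRESSED:
        raise ValueError("compressed image exceeds size limit")
    dec = _decompressor(blob[:6])
    if dec is None:
        return len(blob)  # not bzip2/xz/lzma, so nothing to inflate
    total, data = 0, blob
    while not dec.eof:
        out = dec.decompress(data, max_length=CHUNK)
        data = b""  # remaining input is buffered inside the decompressor
        total += len(out)
        if total > max_out:
            raise ValueError("decompressed image exceeds size limit")
        if not out and dec.needs_input:
            raise ValueError("truncated compressed stream")
    return total


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zeros, tiny once compressed.
    sample = bz2.compress(b"\0" * (8 * 1024 * 1024))
    print(len(sample), inflated_size(sample))
    try:
        inflated_size(sample, max_out=1024 * 1024)
    except ValueError as exc:
        print("rejected:", exc)
```

Because output is produced in bounded chunks and dropped, the check itself never holds more than the compressed input plus one chunk in memory.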

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2012-2625
DSA-2636-1
OPENSUSE-SU-2012_1172-1
OPENSUSE-SU-2012_1174-1
OPENSUSE-SU-2012_1572-1
OPENSUSE-SU-2012_1573-1
OPENSUSE-SU-2024:10196-1
RHSA-2012:1130
RHSA-2012_1130
SUSE-SU-2012_1044-1
SUSE-SU-2012_1135-1

Affected Products

Red Hat
Suse
Xen