PT-2012-5473 · Xen+2 · Xen+2

Published

2012-10-31

Updated

2024-06-15

CVE-2012-4544

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Xen versions 4.2 and earlier

Description The issue allows local guest administrators to cause a denial of service by consuming domain 0 memory via a crafted kernel or ramdisk, due to the lack of validation of the size of the kernel or ramdisk before or after decompression.

Recommendations For Xen versions 4.2 and earlier, consider implementing size validation for kernels and ramdisks to prevent excessive memory consumption. As a temporary workaround, restrict the ability of local guest administrators to load custom kernels or ramdisks until a proper fix is applied.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2012-4544

DSA-2636-1

OPENSUSE-SU-2012_1572-1

OPENSUSE-SU-2012_1573-1

OPENSUSE-SU-2024:10196-1

RHSA-2013:0241

RHSA-2013_0241

SUSE-SU-2014_0411-1

Affected Products

Red Hat

Suse

Xen

PT-2012-5473 · Xen+2 · Xen+2

CVE-2012-4544

Weakness Enumeration

Related Identifiers

Affected Products

References · 219