Vulnerability Details : CVE-2012-2625
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.
Vulnerability category: Input validation; Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-2625
Probability of exploitation activity in the next 30 days: 0.06%
Percentile (the proportion of vulnerabilities that are scored at or less): ~26%
CVSS scores for CVE-2012-2625
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
2.7 | LOW | AV:A/AC:L/Au:S/C:N/I:N/A:P | 5.1 | 2.9 | NIST
CWE ids for CVE-2012-2625
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2012-2625
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html
  [security-announce] SUSE-SU-2012:1044-1: important: Security update for (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html
  [security-announce] SUSE-SU-2012:1043-1: important: Security update for (Third Party Advisory)
- http://www.securityfocus.com/bid/53650
  Xen PyGrub Kernel Decompression Local Denial Of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
  [security-announce] openSUSE-SU-2012:1572-1: important: XEN: security an (Third Party Advisory)
- http://www.securitytracker.com/id?1027090
  Xen PV Bootloader Bug Lets Local Guest Users Crash the System - SecurityTracker (Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html
  [security-announce] openSUSE-SU-2012:1174-1: important: Security Update (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
  [security-announce] openSUSE-SU-2012:1573-1: important: XEN: security an (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2012/10/26/3
  oss-security - Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html
  [security-announce] openSUSE-SU-2012:1172-1: important: Security Update (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1130.html
  RHSA-2012:1130 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
  xen-unstable.hg: 60f09d1ab1fe (Vendor Advisory)
- http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817
  Citrix Hypervisor - Server Virtualization and Consolidation - Citrix - Citrix (Broken Link)
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html
  [security-announce] SUSE-SU-2012:1135-1: important: Security update for (Third Party Advisory)
Products affected by CVE-2012-2625
- cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen-unstable:*:*:*:*:*:*:*:*