Vulnerability Details : CVE-2012-4544
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
Vulnerability category: Denial of service
Products affected by CVE-2012-4544
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4544
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-4544
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2012-4544
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4544
-
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
[security-announce] SUSE-SU-2014:0470-1: important: Security update for
-
http://www.securitytracker.com/id?1027699
Xen Doman Builder Size Validation Bug Lets Local Guest Administrators Denial of Service - SecurityTracker
-
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
[security-announce] SUSE-SU-2012:1487-1: important: Security update for
-
http://secunia.com/advisories/51071
Sign inVendor Advisory
-
http://osvdb.org/86619
-
http://www.debian.org/security/2013/dsa-2636
Debian -- Security Information -- DSA-2636-2 xen
-
http://www.securityfocus.com/bid/56289
Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html
[SECURITY] Fedora 18 Update: xen-4.2.0-3.fc18
-
http://secunia.com/advisories/51413
Sign in
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html
[SECURITY] Fedora 16 Update: xen-4.1.3-3.fc16
-
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
[security-announce] openSUSE-SU-2012:1572-1: important: XEN: security an
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html
[SECURITY] Fedora 17 Update: xen-4.1.3-5.fc17
-
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
[security-announce] SUSE-SU-2014:0446-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
[security-announce] openSUSE-SU-2012:1573-1: important: XEN: security an
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/79617
Xen PV domain builder denial of service CVE-2012-4544 Vulnerability Report
-
http://rhn.redhat.com/errata/RHSA-2013-0241.html
RHSA-2013:0241 - Security Advisory - Red Hat Customer Portal
-
http://www.openwall.com/lists/oss-security/2012/10/26/3
oss-security - Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk
-
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
[security-announce] SUSE-SU-2012:1486-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
[security-announce] SUSE-SU-2014:0411-1: important: Security update for
-
http://secunia.com/advisories/51324
Sign in
-
http://secunia.com/advisories/51352
Sign in
Jump to