CVE-2012-4544

NameCVE-2012-4544
DescriptionThe PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2636-1
NVD severitylow (attack range: local)
Debian Bugs688125
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)squeeze (security), squeeze4.0.1-5.11fixed
wheezy4.1.4-3+deb7u3fixed
wheezy (security)4.1.4-3+deb7u4fixed
jessie, sid4.4.1-6fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensource(unstable)4.1.3-4low688125
xensourcesqueeze4.0.1-5.7lowDSA-2636-1

Search for package or bug name: Reporting problems