CVE-2012-4544 Information

Description

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html http://osvdb.org/86619 http://rhn.redhat.com/errata/RHSA-2013-0241.html http://secunia.com/advisories/51071 http://secunia.com/advisories/51324 http://secunia.com/advisories/51352 http://secunia.com/advisories/51413 http://www.debian.org/security/2013/dsa-2636 http://www.openwall.com/lists/oss-security/2012/10/26/3 http://www.securityfocus.com/bid/56289 http://www.securitytracker.com/id?1027699 https://exchange.xforce.ibmcloud.com/vulnerabilities/79617