CVE-2012-4544

Published: 31 October 2012

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

Priority

Medium

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.2.0-1ubuntu2)
Patches:
Upstream: http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=127c78b8b7615b2e895a879792f4b0b825a02a81
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.1
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=127c78b8b7615b2e895a879792f4b0b825a02a81
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.2
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=127c78b8b7615b2e895a879792f4b0b825a02a81
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=127c78b8b7615b2e895a879792f4b0b825a02a81
Binaries built from this source package are in Universe and so are supported by the community.