CVE-2012-5511

Published: 13 December 2012

Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.

Notes

Author	Note
mdeslaur	This is XSA-27

Priority

Status

Package	Release	Status
xen Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	oneiric	Released (4.1.1-2ubuntu4.3)
	precise	Released (4.1.2-2ubuntu2.3)
	quantal	Released (4.1.3-3ubuntu1.1)
	raring	Released (4.2.0-1ubuntu4)
	saucy	Released (4.2.0-1ubuntu4)
	trusty	Released (4.2.0-1ubuntu4)
	upstream	Released (4.2)
	Binaries built from this source package are in Universe and so are supported by the community.
xen-3.1 Launchpad, Ubuntu, Debian	hardy	Not vulnerable
	lucid	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	Binaries built from this source package are in Universe and so are supported by the community.
xen-3.2 Launchpad, Ubuntu, Debian	hardy	Not vulnerable
	lucid	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Ignored (reached end-of-life)
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	Binaries built from this source package are in Universe and so are supported by the community.

References

Bugs

https://bugs.launchpad.net/bugs/1086875

CVE-2012-5511

Notes

Medium

Status

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading