CVE-2011-1583
xen: insufficiencies in pv kernel image validation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
Múltiples desbordamientos de entero en tools/libxc/xc_dom_bzimageloader.c en Xen v3.2, v3.3, v4.0, y v4.1 permite a usuarios locales provocar una denegación de servicio y posiblemente ejecutar código de su elección a través de invitados "paravirtualizados" manipulados en la imagen del kernel que dispara (1) un desbordamiento de búfer durante la descompresión de bucle o (2) una lectura fuera de límites en el cargador envolviendo un campo de longitud no especificada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-04-05 CVE Reserved
- 2011-08-12 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html | 2011-08-24 | |
| http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html | 2011-08-24 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2011-0496.html | 2011-08-24 | |
| https://access.redhat.com/security/cve/CVE-2011-1583 | 2011-05-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=696927 | 2011-05-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Citrix Search vendor "Citrix" | Xen Search vendor "Citrix" for product "Xen" | 3.2.0 Search vendor "Citrix" for product "Xen" and version "3.2.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xen Search vendor "Citrix" for product "Xen" | 3.3.0 Search vendor "Citrix" for product "Xen" and version "3.3.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xen Search vendor "Citrix" for product "Xen" | 4.0.0 Search vendor "Citrix" for product "Xen" and version "4.0.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xen Search vendor "Citrix" for product "Xen" | 4.1.0 Search vendor "Citrix" for product "Xen" and version "4.1.0" | - |
Affected
| ||||||