CVE-2012-2625

xen: pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel

Severity Score

2.7

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.

El gestor de arranque Pygrub en Xen inestable ante del changeset 25589:60f09d1ab1fe, v4.2.x, v4.1.x permite causar una denegación de servicio (consumo de memoria) a usuarios locales para-virtualizados a través de una imagen del kernel comprimida en (1) o bzip2 (2) lzma demasiado grande.

*Credits: N/A

CVSS Scores

NISTv2 2.7

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-05-11 CVE Reserved
2012-07-31 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (17)

URL	Tag	Source
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817	Broken Link
http://secunia.com/advisories/49184	Third Party Advisory
http://secunia.com/advisories/51413	Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/10/26/3	Mailing List
http://www.securityfocus.com/bid/53650	Third Party Advisory
http://www.securitytracker.com/id?1027090	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html	2018-04-13
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html	2018-04-13
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html	2018-04-13
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html	2018-04-13
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html	2018-04-13
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html	2018-04-13
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html	2018-04-13
http://rhn.redhat.com/errata/RHSA-2012-1130.html	2018-04-13
http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe	2018-04-13
https://access.redhat.com/security/cve/CVE-2012-2625	2012-07-31
https://bugzilla.redhat.com/show_bug.cgi?id=821676	2012-07-31

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.1.0 Search vendor "Xen" for product "Xen" and version "4.1.0"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.1.1 Search vendor "Xen" for product "Xen" and version "4.1.1"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.1.2 Search vendor "Xen" for product "Xen" and version "4.1.2"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.1.3 Search vendor "Xen" for product "Xen" and version "4.1.3"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.2.0 Search vendor "Xen" for product "Xen" and version "4.2.0"		-		Affected
Xen Search vendor "Xen"		Xen-unstable Search vendor "Xen" for product "Xen-unstable"				< 25589\:60f09d1ab1fe Search vendor "Xen" for product "Xen-unstable" and version " < 25589\:60f09d1ab1fe"		-		Affected