// For flags

CVE-2012-4544

xen: Xen domain builder Out-of-memory due to malicious kernel/ramdisk

Severity Score

2.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

El PV domain builder en Xen 4.2 y anteriores, no valida el tamaño del kernel o del ramdisk(1) antes o (2) después de la descompresión, lo que permite a administradores locales de los sistemas huésped provocar una denegación de servicio (consumo de memoria) a través de un (1)kernel o (2)ramdisk manipulado.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-08-21 CVE Reserved
  • 2012-10-31 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (23)
URL Tag Source
http://osvdb.org/86619 Vdb Entry
http://secunia.com/advisories/51324 Third Party Advisory
http://secunia.com/advisories/51352 Third Party Advisory
http://secunia.com/advisories/51413 Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/10/26/3 Mailing List
http://www.securityfocus.com/bid/56289 Vdb Entry
http://www.securitytracker.com/id?1027699 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/79617 Vdb Entry
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html 2017-08-29
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html 2017-08-29
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html 2017-08-29
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html 2017-08-29
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html 2017-08-29
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html 2017-08-29
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html 2017-08-29
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html 2017-08-29
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html 2017-08-29
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html 2017-08-29
http://rhn.redhat.com/errata/RHSA-2013-0241.html 2017-08-29
http://secunia.com/advisories/51071 2017-08-29
http://www.debian.org/security/2013/dsa-2636 2017-08-29
https://access.redhat.com/security/cve/CVE-2012-4544 2013-02-07
https://bugzilla.redhat.com/show_bug.cgi?id=870412 2013-02-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 <= 4.2.0
Search vendor "Xen" for product "Xen" and version " <= 4.2.0"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.1.0
Search vendor "Xen" for product "Xen" and version "4.1.0"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.1.1
Search vendor "Xen" for product "Xen" and version "4.1.1"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.1.2
Search vendor "Xen" for product "Xen" and version "4.1.2"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.1.3
Search vendor "Xen" for product "Xen" and version "4.1.3"
-
Affected