Xen PV Bootloader Bug Lets Local Guest Users Crash the System
|
SecurityTracker Alert ID: 1027090 |
|
SecurityTracker URL: http://securitytracker.com/id/1027090
|
CVE Reference: CVE-2012-2625
|
Updated: May 22 2012
|
Original Entry Date: May 22 2012
|
Impact:
Denial of service via local system
|
Exploit Included: Yes
|
Version(s): 4.1.2
|
Description:
A vulnerability was reported in Xen. A local user on the guest virtual machine can cause denial of service conditions.
A local user on the guest virtual machine can load a specially crafted bzip2 or lzma compressed kernel image to trigger a flaw in the PV bootloader and cause the target system to crash. The PV bootloader does not check the size of the bzip2 or lzma compressed kernel.
Xinli Niu reported this vulnerability.
|
Impact:
A local user on the guest virtual machine can cause the target system to crash.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.xen.org/
|
Cause:
Input validation error, State error
|
Underlying OS:
Linux (Any)
|
Source Message Contents
|
Date: Tue, 22 May 2012 20:30:53 +0000
Subject: Xen
|
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817
> pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel
|
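The size check that the source message says is missing, sketched as a bounded decompression routine for bzip2 and lzma images. This is an added example, not Xen's code and not part of the advisory; the names `bounded_decompress` and `KernelTooLarge` and the 64 MiB cap are assumptions chosen for illustration.

```python
import bz2
import lzma

MAX_KERNEL_BYTES = 64 * 1024 * 1024   # assumed cap, not a value taken from Xen
CHUNK = 64 * 1024                     # output produced per decompress() call


class KernelTooLarge(Exception):
    """The decompressed image would exceed the configured cap."""


def _decompressor_for(blob):
    # bzip2 streams start with the magic "BZh"; everything else is handed to
    # liblzma, which auto-detects legacy .lzma and .xz containers.
    if blob[:3] == b"BZh":
        return bz2.BZ2Decompressor()
    return lzma.LZMADecompressor(format=lzma.FORMAT_AUTO)


def bounded_decompress(blob, limit=MAX_KERNEL_BYTES):
    """Decompress a guest-supplied kernel image, never holding more than
    limit + 1 bytes of output, and reject it once the cap is crossed."""
    dec = _decompressor_for(blob)
    out = bytearray()
    pending = blob
    while not dec.eof:
        # Ask for at most one byte beyond the remaining budget, so an
        # oversized image is detected without expanding it in full.
        room = limit - len(out) + 1
        piece = dec.decompress(pending, max_length=min(CHUNK, room))
        pending = b""                 # the decompressor buffers unread input
        out += piece
        if len(out) > limit:
            raise KernelTooLarge("decompressed kernel exceeds %d bytes" % limit)
        if not piece and not dec.eof:
            raise ValueError("truncated compressed stream")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zeros compresses to a very small file.
    bomb = bz2.compress(b"\0" * (8 * 1024 * 1024))
    try:
        bounded_decompress(bomb, limit=1024 * 1024)
    except KernelTooLarge as exc:
        print("rejected %d-byte image: %s" % (len(bomb), exc))
```

The cap is enforced on the decompressed output, because the compressed file size says nothing about how large the image becomes once expanded.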