Launchpad CVE tracker

CVE 2012-4544

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

Related bugs and status

CVE-2012-4544 (Candidate) is related to these bugs:

Bug #1086801: xen: security advisories 20-25

		In	Importance	Status
1086801	xen: security advisories 20-25	xen (Ubuntu)	Medium	Fix Released
1086801	xen: security advisories 20-25	xen (Ubuntu Raring)	Medium	Fix Released
1086801	xen: security advisories 20-25	xen (Ubuntu Quantal)	Medium	Fix Released
1086801	xen: security advisories 20-25	xen (Ubuntu Precise)	Medium	Fix Released
1086801	xen: security advisories 20-25	xen (Ubuntu Oneiric)	Medium	Fix Released

Bug #1086875: xen: security advisories 26-32

		In	Importance	Status
1086875	xen: security advisories 26-32	xen (Ubuntu)	Medium	Fix Released
1086875	xen: security advisories 26-32	xen (Ubuntu Raring)	Medium	Fix Released
1086875	xen: security advisories 26-32	xen (Ubuntu Quantal)	Medium	Fix Released
1086875	xen: security advisories 26-32	xen (Ubuntu Precise)	Medium	Fix Released
1086875	xen: security advisories 26-32	xen (Ubuntu Oneiric)	Medium	Fix Released

Bug #1176209: Import problem caused by duplicate message ID

		In	Importance	Status
1176209	Import problem caused by duplicate message ID	xen (Ubuntu)	Low	Invalid
1176209	Import problem caused by duplicate message ID	xen (Ubuntu Precise)	Low	Fix Released
1176209	Import problem caused by duplicate message ID	xen (Ubuntu Quantal)	Low	Fix Released

Bug #1180396: Xen stable update to 4.1.5

		In	Importance	Status
1180396	Xen stable update to 4.1.5	xen (Ubuntu)	Low	Invalid
1180396	Xen stable update to 4.1.5	xen (Ubuntu Precise)	Medium	Fix Released
1180396	Xen stable update to 4.1.5	xen (Ubuntu Quantal)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-4544

References