NVD

Id
45920  
Name
CVE-2012-4544  
Description
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.  
Reject
 
CVSS Version
2  
CVSS Score
2.1  
Severity
Low  
CVSS Base Score
2.1  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2012-10-31  
Modified Date
2014-05-05  
Seq
2012-4544  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
230685 45920 CVE-2012-4544 FEDORA-2012-17408  View
230686 45920 CVE-2012-4544 FEDORA-2012-17204  View
230687 45920 CVE-2012-4544 FEDORA-2012-17135  View
230688 45920 CVE-2012-4544 SUSE-SU-2012:1486  View
230689 45920 CVE-2012-4544 SUSE-SU-2012:1487  View
230690 45920 CVE-2012-4544 openSUSE-SU-2012:1572  View
230691 45920 CVE-2012-4544 openSUSE-SU-2012:1573  View
230692 45920 CVE-2012-4544 SUSE-SU-2014:0411  View
230693 45920 CVE-2012-4544 SUSE-SU-2014:0446  View
230694 45920 CVE-2012-4544 SUSE-SU-2014:0470  View
230695 45920 CVE-2012-4544 RHSA-2013:0241  View
230696 45920 CVE-2012-4544 DSA-2636  View
230697 45920 CVE-2012-4544 [oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk  View
230698 45920 CVE-2012-4544 56289  View
230699 45920 CVE-2012-4544 1027699  View
230700 45920 CVE-2012-4544 xen-pvdomainbuilder-dos(79617)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
29465 JVNDB-2012-005172 Xen の PV ドメインビルダーにおけるサービス運用妨害 (DoS) の脆弱性 Xen の PV ドメインビルダーは、カーネル、または RAMディスクの (1) 展開前または (2) 展開後のサイズを確認しないため、サービス運用妨害 (ドメイン 0 のメモリ消費) 状態となる脆弱性が存在します。 CVE-2012-4544 57782 CVE-2012-4544 45920 2.1 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005172.html 2012-10-31 2012-11-02 View