Vulnerability Details CVE-2012-2625
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.5%
CVSS Severity
CVSS v2 Score 2.7
References
- http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
- http://rhn.redhat.com/errata/RHSA-2012-1130.html
- http://secunia.com/advisories/49184
- http://secunia.com/advisories/51413
- http://www.openwall.com/lists/oss-security/2012/10/26/3
- http://www.securityfocus.com/bid/53650
- http://www.securitytracker.com/id?1027090
- http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
- http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
- http://rhn.redhat.com/errata/RHSA-2012-1130.html
- http://secunia.com/advisories/49184
- http://secunia.com/advisories/51413
- http://www.openwall.com/lists/oss-security/2012/10/26/3
- http://www.securityfocus.com/bid/53650
- http://www.securitytracker.com/id?1027090
- http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
Products affected by CVE-2012-2625
-
cpe:2.3:o:xen:xen-unstable:25530
-
cpe:2.3:o:xen:xen-unstable:25531
-
cpe:2.3:o:xen:xen-unstable:25532
-
cpe:2.3:o:xen:xen-unstable:25533
-
cpe:2.3:o:xen:xen-unstable:25534
-
cpe:2.3:o:xen:xen-unstable:25535
-
cpe:2.3:o:xen:xen-unstable:25536
-
cpe:2.3:o:xen:xen-unstable:25537
-
cpe:2.3:o:xen:xen-unstable:25538
-
cpe:2.3:o:xen:xen-unstable:25539
-
cpe:2.3:o:xen:xen-unstable:25540
-
cpe:2.3:o:xen:xen-unstable:25541
-
cpe:2.3:o:xen:xen-unstable:25542
-
cpe:2.3:o:xen:xen-unstable:25543
-
cpe:2.3:o:xen:xen-unstable:25544
-
cpe:2.3:o:xen:xen-unstable:25545
-
cpe:2.3:o:xen:xen-unstable:25546
-
cpe:2.3:o:xen:xen-unstable:25547
-
cpe:2.3:o:xen:xen-unstable:25548
-
cpe:2.3:o:xen:xen-unstable:25549
-
cpe:2.3:o:xen:xen-unstable:25550
-
cpe:2.3:o:xen:xen-unstable:25551
-
cpe:2.3:o:xen:xen-unstable:25552
-
cpe:2.3:o:xen:xen-unstable:25553
-
cpe:2.3:o:xen:xen-unstable:25554
-
cpe:2.3:o:xen:xen-unstable:25555
-
cpe:2.3:o:xen:xen-unstable:25556
-
cpe:2.3:o:xen:xen-unstable:25557
-
cpe:2.3:o:xen:xen-unstable:25558
-
cpe:2.3:o:xen:xen-unstable:25559
-
cpe:2.3:o:xen:xen-unstable:25560
-
cpe:2.3:o:xen:xen-unstable:25561
-
cpe:2.3:o:xen:xen-unstable:25562
-
cpe:2.3:o:xen:xen-unstable:25563
-
cpe:2.3:o:xen:xen-unstable:25564
-
cpe:2.3:o:xen:xen-unstable:25565
-
cpe:2.3:o:xen:xen-unstable:25566
-
cpe:2.3:o:xen:xen-unstable:25567
-
cpe:2.3:o:xen:xen-unstable:25568
-
cpe:2.3:o:xen:xen-unstable:25569
-
cpe:2.3:o:xen:xen-unstable:25570
-
cpe:2.3:o:xen:xen-unstable:25571
-
cpe:2.3:o:xen:xen-unstable:25572
-
cpe:2.3:o:xen:xen-unstable:25573
-
cpe:2.3:o:xen:xen-unstable:25574
-
cpe:2.3:o:xen:xen-unstable:25575
-
cpe:2.3:o:xen:xen-unstable:25576
-
cpe:2.3:o:xen:xen-unstable:25577
-
cpe:2.3:o:xen:xen-unstable:25578
-
cpe:2.3:o:xen:xen-unstable:25579
-
cpe:2.3:o:xen:xen-unstable:25580
-
cpe:2.3:o:xen:xen-unstable:25581
-
cpe:2.3:o:xen:xen-unstable:25582
-
cpe:2.3:o:xen:xen-unstable:25583
-
cpe:2.3:o:xen:xen-unstable:25584
-
cpe:2.3:o:xen:xen-unstable:25585
-
cpe:2.3:o:xen:xen-unstable:25586
-
cpe:2.3:o:xen:xen-unstable:25587
-
cpe:2.3:o:xen:xen-unstable:25588
-
cpe:2.3:o:xen:xen:4.1.0
-
cpe:2.3:o:xen:xen:4.1.1
-
cpe:2.3:o:xen:xen:4.1.2
-
cpe:2.3:o:xen:xen:4.1.3
-
cpe:2.3:o:xen:xen:4.2.0