CVE - CVE-2012-2625

CVE-ID
CVE-2012-2625	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:53650 URL:http://www.securityfocus.com/bid/53650 CONFIRM:http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe MISC:http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817 MLIST:[oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk URL:http://www.openwall.com/lists/oss-security/2012/10/26/3 REDHAT:RHSA-2012:1130 URL:http://rhn.redhat.com/errata/RHSA-2012-1130.html SECTRACK:1027090 URL:http://www.securitytracker.com/id?1027090 SECUNIA:49184 URL:http://secunia.com/advisories/49184 SECUNIA:51413 URL:http://secunia.com/advisories/51413 SUSE:SUSE-SU-2012:1043 URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html SUSE:SUSE-SU-2012:1044 URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html SUSE:SUSE-SU-2012:1135 URL:http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html SUSE:openSUSE-SU-2012:1172 URL:http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html SUSE:openSUSE-SU-2012:1174 URL:http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html SUSE:openSUSE-SU-2012:1572 URL:http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html SUSE:openSUSE-SU-2012:1573 URL:http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
Assigning CNA
MITRE Corporation
Date Record Created
20120511	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120511)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)