CVE-2011-3262 — Infinite Loop in XEN

CWE-3996 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 73.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Citrix XEN

Timeline

PublishedAug 19

Latest updateMay 17

Description

tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.1-1 (bookworm)

▶Debianxen/xen< 4.1.1-1+3

▶NVDcitrix/xen4 versions+3

Patches

Patch: lists.xensource.com ↗Patch: lists.xensource.com ↗Patch: lists.xensource.com ↗

🔴Vulnerability Details

GHSA

GHSA-h3q2-c8qw-f4hc: tools/libxc/xc_dom_bzimageloader↗2022-05-17

▶

OSV

CVE-2011-3262: tools/libxc/xc_dom_bzimageloader↗2011-08-19

▶

📋Vendor Advisories

Red Hat

xen: insufficiencies in pv kernel image validation↗2011-05-09

▶

Debian

CVE-2011-3262: xen - tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local us...↗2011

▶

💬Community

Bugzilla

CVE-2011-1583 CVE-2011-3262 xen: insufficiencies in pv kernel image validation↗2011-04-15

▶