CVE-2012-2625 — Improper Input Validation in Xen-unstable

CWE-20 — Improper Input Validation6 documents6 sources

Severity

2.7LOWNVD

EPSS

0.3%

top 45.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN XEN Xen-unstable Debian XEN

Timeline

PublishedOct 31

Latest updateMay 14

Description

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 5.1 | Impact: 2.9

Affected Packages4 packages

▶NVDxen/xen-unstable< 25589\:60f09d1ab1fe

▶debiandebian/xen< xen 4.1.3-4 (bookworm)

▶Debianxen/xen< 4.1.3-4+3

▶NVDxen/xen5 versions+4

🔴Vulnerability Details

GHSA

GHSA-87h8-hfg7-gxc3: The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4↗2022-05-14

▶

OSV

CVE-2012-2625: The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4↗2012-10-31

▶

📋Vendor Advisories

Red Hat

xen: pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel↗2012-05-04

▶

Debian

CVE-2012-2625: xen - The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2....↗2012

▶

💬Community

Bugzilla

CVE-2012-2625 xen: pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel↗2012-05-15

▶