CVE-2011-1583

critical

Description

Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.

References

http://rhn.redhat.com/errata/RHSA-2011-0496.html

http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html

http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html

Details

Source: Mitre, NVD

Published: 2011-08-12

Updated: 2011-08-24

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical