CVE-2011-1583
Xen 3.2-4.1 - Denial of Service and Possible Remote Code Execution via Paravirtualised Guest Kernel Image
Title source: llmDescription
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
References (3)
Core 3
Core References
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2011-0496.html
Patch mailing-list
x_refsource_mlist
http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html
Scores
EPSS
0.0052
EPSS Percentile
66.8%
Details
CWE
CWE-189
Status
published
Products (4)
citrix/xen
3.2.0
citrix/xen
3.3.0
citrix/xen
4.0.0
citrix/xen
4.1.0
Published
Aug 12, 2011
Tracked Since
Feb 18, 2026