
xen: arbitrary code execution

Package(s): xen
CVE #(s): CVE-2011-1583
Created: May 9, 2011
Updated: November 7, 2011
Description: From the Red Hat advisory:

It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0).
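
The bug class the advisory describes, as an added illustration that is not Xen's code: a toy run-length decoder stands in for the bzip2/LZMA routines and grows its output buffer by doubling, the way a decompression loop does. It puts the size check in the shape that wraps (accept_unsafe) next to the overflow-safe form (accept_safe), caps the decompressed size at DECOMPRESS_MAX (a value chosen for this example; the page does not quote libxc's limit), and rejects a record that produces no output, the analogue of the infinite-loop case. The function names, the record format and the sample streams are all constructed here.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on decompressed output, chosen for this example. Kept
 * far below 2^31 so doubling the buffer below can never wrap a uint32_t. */
#define DECOMPRESS_MAX ((uint32_t)1 << 20)

/* Decoder result codes. */
enum { DEC_OK = 0, DEC_BAD_INPUT = -1, DEC_TOO_BIG = -2,
       DEC_NO_PROGRESS = -3, DEC_OOM = -4, DEC_MISMATCH = -5 };

/* Size check in the shape the advisory's bug class takes: the sum wraps
 * for a large 'count', the comparison passes, and the write that follows
 * overruns the buffer. Returns 1 if the write would be accepted. */
int accept_unsafe(uint32_t total, uint32_t count)
{
    return (uint32_t)(total + count) <= DECOMPRESS_MAX;   /* can wrap */
}

/* Overflow-safe form: compare 'count' against the room that remains,
 * never against a sum that can wrap. */
int accept_safe(uint32_t total, uint32_t count)
{
    return total <= DECOMPRESS_MAX && count <= DECOMPRESS_MAX - total;
}

/* Toy run-length format standing in for bzip2/LZMA: records of
 * <count: 4 bytes little-endian><byte: 1>. On DEC_OK the caller owns *out. */
int decode_rle(const uint8_t *in, size_t inlen, uint8_t **out, uint32_t *outlen)
{
    uint32_t cap = 64, total = 0;          /* buffer grows by doubling */
    uint8_t *buf = malloc(cap);
    size_t pos = 0;
    int rc = DEC_OOM;

    if (!buf)
        return DEC_OOM;
    while (pos < inlen) {
        uint32_t count;
        if (inlen - pos < 5) { rc = DEC_BAD_INPUT; goto fail; }  /* truncated record */
        count = (uint32_t)in[pos] | (uint32_t)in[pos + 1] << 8 |
                (uint32_t)in[pos + 2] << 16 | (uint32_t)in[pos + 3] << 24;
        /* A record that yields no output would let a hostile stream spin
         * this loop forever; reject it instead of looping. */
        if (count == 0) { rc = DEC_NO_PROGRESS; goto fail; }
        /* Bound the total before the buffer is touched. */
        if (!accept_safe(total, count)) { rc = DEC_TOO_BIG; goto fail; }
        /* total + count <= DECOMPRESS_MAX here, so neither it nor cap * 2 wraps. */
        while (cap < total + count) {
            uint8_t *nbuf = realloc(buf, cap * 2);
            if (!nbuf) goto fail;              /* rc is still DEC_OOM */
            buf = nbuf;
            cap *= 2;
        }
        memset(buf + total, in[pos + 4], count);
        total += count;
        pos += 5;
    }
    *out = buf;
    *outlen = total;
    return DEC_OK;
fail:
    free(buf);
    return rc;
}

/* Decode and compare against an expected string; returns the decoder's
 * status, or DEC_MISMATCH if it succeeded with the wrong output. */
int decode_expect(const uint8_t *in, size_t inlen, const char *expect)
{
    uint8_t *out = NULL;
    uint32_t outlen = 0;
    int rc = decode_rle(in, inlen, &out, &outlen);
    if (rc == DEC_OK) {
        if (outlen != strlen(expect) || memcmp(out, expect, outlen) != 0)
            rc = DEC_MISMATCH;
        free(out);
    }
    return rc;
}

/* Decode and return the output length, or -1 on any failure. */
long decode_len(const uint8_t *in, size_t inlen)
{
    uint8_t *out = NULL;
    uint32_t outlen = 0;
    if (decode_rle(in, inlen, &out, &outlen) != DEC_OK)
        return -1;
    free(out);
    return (long)outlen;
}

/* Constructed sample streams (not captured from any real guest). */
const uint8_t STREAM_OK[]    = { 3, 0, 0, 0, 'a',  2, 0, 0, 0, 'b' };  /* "aaabb" */
const uint8_t STREAM_GROW[]  = { 0xE8, 0x03, 0, 0, 'x' };              /* 1000 x 'x' */
const uint8_t STREAM_HUGE[]  = { 0xFF, 0xFF, 0xFF, 0xFF, 'A' };        /* count = 2^32-1 */
const uint8_t STREAM_SPIN[]  = { 0, 0, 0, 0, 'A' };                    /* zero progress */
const uint8_t STREAM_TRUNC[] = { 5, 0, 0 };                            /* cut-off record */
```

With total already at 1, accept_unsafe(1, 0xFFFFFFFF) wraps to 0 and accepts the write, while accept_safe rejects it; the same stream fed to decode_rle comes back as DEC_TOO_BIG before any byte is written. In a real decoder the equivalent checks belong on every quantity the compressed stream controls: the declared output size, the per-call produced bytes, and the running total.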

Alerts:
Debian DSA-2337-1 2011-11-06
openSUSE openSUSE-SU-2011:0578-1 2011-06-01
openSUSE openSUSE-SU-2011:0580-1 2011-06-01
Fedora FEDORA-2011-6914 2011-05-13
Red Hat RHSA-2011:0496-01 2011-05-09
CentOS CESA-2011:0496 2011-05-11


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds