Integer Overflow Vulnerability in Xen Hypervisor Affects Multiple Versions
CVE-2011-1583

Currently unrated

Key Information:

Vendor: Citrix
Status: Xen
Vendor: CVE Published:; 12 August 2011

Summary

Multiple integer overflow vulnerabilities identified in the Xen hypervisor's handling of paravirtualised guest kernel images can lead to serious security issues. Specifically, local users may exploit these vulnerabilities to cause a denial of service or potentially execute arbitrary code. The flaws arise within the bzimageloader component of the hypervisor, where improper validation of kernel image parameters can trigger buffer overflows during decompression loops and affect out-of-bounds reads. This can compromise the integrity and availability of virtualized environments.

References

http://lists.xensource.com/archives/html/xen-devel/2011-0...

mailing-listx_refsource_MLIST

http://rhn.redhat.com/errata/RHSA-2011-0496.html

vendor-advisoryx_refsource_REDHAT

http://lists.xensource.com/archives/html/xen-devel/2011-0...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Aug 12, 2011
Vulnerability Reserved
Apr 5, 2011