Solution
Please Install the Updated Packages.
Insight
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.
A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest (a DomU) could use this flaw to create a crafted kernel image that, when attempting to boot it, could result in an out-of-memory condition in the privileged domain (the Dom0). (CVE-2012-2625)
Red Hat would like to thank Xinli Niu for reporting this issue.
All users of xen are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the xend service must be restarted for this update to take effect.
Affected
xen on CentOS 5
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-2625 -
CVSS Base Score: 2.7
AV:A/AC:L/Au:S/C:N/I:N/A:P
Related Vulnerabilities