CVE-2011-1583 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-1583 Interim 1 14 2023-12-08T03:01:31Z current 2021-05-30T12:57:13Z 2023-12-08T03:01:31Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-1583 Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP1-TERADATA libvirt-0.7.6-1.21.1 libvirt-doc-0.7.6-1.21.1 libvirt-python-0.7.6-1.21.1 vm-install-0.4.30-0.3.2 xen-4.0.1_21326_08-0.5.1 xen-doc-html-4.0.1_21326_08-0.5.1 xen-doc-pdf-4.0.1_21326_08-0.5.1 xen-kmp-default-4.0.1_21326_08_2.6.32.36_0.5-0.5.1 xen-libs-4.0.1_21326_08-0.5.1 xen-tools-4.0.1_21326_08-0.5.1 xen-tools-domU-4.0.1_21326_08-0.5.1 libvirt-0.7.6-1.21.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA libvirt-doc-0.7.6-1.21.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA libvirt-python-0.7.6-1.21.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA vm-install-0.4.30-0.3.2 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA xen-4.0.1_21326_08-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA xen-doc-html-4.0.1_21326_08-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA xen-doc-pdf-4.0.1_21326_08-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA xen-kmp-default-4.0.1_21326_08_2.6.32.36_0.5-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA xen-libs-4.0.1_21326_08-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA xen-tools-4.0.1_21326_08-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA xen-tools-domU-4.0.1_21326_08-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields. CVE-2011-1583 SUSE Linux Enterprise Server 11 SP1-TERADATA:libvirt-0.7.6-1.21.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:libvirt-doc-0.7.6-1.21.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:libvirt-python-0.7.6-1.21.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:vm-install-0.4.30-0.3.2 SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.1_21326_08-0.5.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.1_21326_08-0.5.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.1_21326_08-0.5.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.1_21326_08_2.6.32.36_0.5-0.5.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.1_21326_08-0.5.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.1_21326_08-0.5.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.1_21326_08-0.5.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C