CVE-2012-2625
xen - several
EPSS 0.31%
Description
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.
How to fix CVE-2012-2625
To remediate CVE-2012-2625, upgrade the affected package to a fixed version below.
- Debian/xen—upgrade to 4.1.3-4 or later
- Debian/xen—upgrade to 4.0.1-5.7 or later
Is CVE-2012-2625 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.1.3-4
- from 0, < 4.0.1-5.7