The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM in the domain running the domain builder.
A malicious guest administrator who can supply a kernel or ramdisk can exhaust memory in domain 0 leading to a denial of service attack.
HVM guests are not affected by this vulnerability.
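As an added illustration (not Xen's code and not part of this advisory), the bounded-decompression pattern the description calls for: a cap checked before decompression and a running cap enforced while decompressing, so an oversized image is rejected before it can fill memory. The limits, image contents and function names are constructed placeholders, and zlib stands in for whatever decompressor the toolstack uses.

```python
import zlib

# Constructed limits for the example; the real limits are not stated on this page.
MAX_COMPRESSED = 64 * 1024       # bytes accepted before decompression
MAX_DECOMPRESSED = 256 * 1024    # bytes allowed after decompression
CHUNK = 4096                     # decompress this much at a time


class ImageTooLarge(Exception):
    """Raised when a guest-supplied image exceeds a size limit."""


def load_guest_image(blob, max_in=MAX_COMPRESSED, max_out=MAX_DECOMPRESSED):
    """Decompress a guest-supplied kernel/ramdisk with size checks on both sides."""
    # Check 1: size before decompression.
    if len(blob) > max_in:
        raise ImageTooLarge("compressed image %d bytes > limit %d" % (len(blob), max_in))
    # Check 2: size after decompression, enforced incrementally. Decompressing
    # in bounded chunks means peak memory stays near max_out + CHUNK even if
    # the stream would expand to gigabytes.
    d = zlib.decompressobj()
    out = bytearray()
    buf = blob
    while not d.eof:
        chunk = d.decompress(buf, max_length=CHUNK)
        out += chunk
        if len(out) > max_out:
            raise ImageTooLarge("decompressed image exceeds limit %d" % max_out)
        buf = d.unconsumed_tail          # input zlib has not consumed yet
        if not chunk and not buf:        # no output, no input left, no EOF
            raise ValueError("truncated compressed stream")
    return bytes(out)


def check_image(blob, max_in=MAX_COMPRESSED, max_out=MAX_DECOMPRESSED):
    """Return (accepted, decompressed_bytes_or_reason) instead of raising."""
    try:
        return True, load_guest_image(blob, max_in, max_out)
    except (ImageTooLarge, ValueError, zlib.error) as exc:
        return False, str(exc)


# Constructed sample inputs.
SMALL_PAYLOAD = b"vmlinuz-placeholder " * 100          # 2000 bytes, well within limits
SMALL_IMAGE = zlib.compress(SMALL_PAYLOAD)
BOMB_IMAGE = zlib.compress(bytes(1_000_000))            # ~1 KB in, 1 MB out
OVERSIZED_INPUT = bytes(MAX_COMPRESSED + 1)             # rejected before decompression

if __name__ == "__main__":
    for name, img in [("small", SMALL_IMAGE), ("bomb", BOMB_IMAGE), ("oversized", OVERSIZED_INPUT)]:
        ok, result = check_image(img)
        print(name, "accepted" if ok else "rejected:", result if not ok else len(result))
```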
Red Hat would like to thank the Xen project for reporting this issue.
Created xen tracking bugs for this issue
Affects: fedora-all [bug 870414]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0241 https://rhn.redhat.com/errata/RHSA-2013-0241.html