SB2012111607 - Configuration in xen (Alpine package)
Published: November 16, 2012
Description
This security bulletin contains information about 1 security vulnerability.
1) Configuration (CVE-ID: CVE-2012-4537)
The vulnerability allows a local non-authenticated attacker to cause a denial of service.
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability."
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=119185999980a6a6a78506a6b49e1a70ab55ad03
- https://git.alpinelinux.org/aports/commit/?id=a11d8b693286b605b2dfa17cbd3556eac2b951a0
- https://git.alpinelinux.org/aports/commit/?id=4be65a1c37ff21c3fec2e78bca2dd7b75dee98b9
- https://git.alpinelinux.org/aports/commit/?id=22809ecb412e53ecc84ef1213fcdfc3afa124909
- https://git.alpinelinux.org/aports/commit/?id=4bd4328e3ebf6e35bc5cb2be9d2904efec0f50e1