SB2012111609 - Resource management error in xen (Alpine package)
Published: November 16, 2012
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2012-4539)
The vulnerability allows a local non-authenticated attacker to cause a denial of service.
Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability."
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=119185999980a6a6a78506a6b49e1a70ab55ad03
- https://git.alpinelinux.org/aports/commit/?id=a11d8b693286b605b2dfa17cbd3556eac2b951a0
- https://git.alpinelinux.org/aports/commit/?id=4be65a1c37ff21c3fec2e78bca2dd7b75dee98b9
- https://git.alpinelinux.org/aports/commit/?id=22809ecb412e53ecc84ef1213fcdfc3afa124909
- https://git.alpinelinux.org/aports/commit/?id=4bd4328e3ebf6e35bc5cb2be9d2904efec0f50e1