SB2012120605 - SUSE Linux update for Xen




Published: December 6, 2012

Security Bulletin ID: SB2012120605
Severity: Medium
Patch available: YES
Number of vulnerabilities: 10
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 40%, Low: 60%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Resource management error (CVE-ID: CVE-2012-4535)

The vulnerability allows a local non-authenticated attacker to perform service disruption.

Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."


2) Configuration (CVE-ID: CVE-2012-4537)

The vulnerability allows a local non-authenticated attacker to perform service disruption.

Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability."


3) Input validation error (CVE-ID: CVE-2012-4538)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.


4) Resource management error (CVE-ID: CVE-2012-4539)

The vulnerability allows a local non-authenticated attacker to perform service disruption.

Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability."


5) Input validation error (CVE-ID: CVE-2012-5510)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.


6) Stack-based buffer overflow (CVE-ID: CVE-2012-5511)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a large bitmap image. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Configuration (CVE-ID: CVE-2012-5512)

The vulnerability allows a local attacker to cause a denial of service or obtain sensitive information.

Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.


8) Input validation error (CVE-ID: CVE-2012-5513)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.


9) Input validation error (CVE-ID: CVE-2012-5514)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.


10) Input validation error (CVE-ID: CVE-2012-5515)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.


Remediation

Install the update from the vendor's website.