SB2013060406 - Permissions, Privileges, and Access Controls in xen (Alpine package)
Published: June 4, 2013
Security Bulletin ID
SB2013060406
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-2077)
The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=a2883b66233b3bc958ccb3555996adeacd070c64
- https://git.alpinelinux.org/aports/commit/?id=9da25b8784e5b39b905e86bdb94e5a0026f10bd4
- https://git.alpinelinux.org/aports/commit/?id=e466dbbf828a8e83c3f34d7311afcaf02e1d2408
- https://git.alpinelinux.org/aports/commit/?id=f6e99451d47fbe7cdb852f48dd11006808db52ae