SB2013060407 - Input validation error in xen (Alpine package)
Published: June 4, 2013
Security Bulletin ID
SB2013060407
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-2078)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=a2883b66233b3bc958ccb3555996adeacd070c64
- https://git.alpinelinux.org/aports/commit/?id=9da25b8784e5b39b905e86bdb94e5a0026f10bd4
- https://git.alpinelinux.org/aports/commit/?id=e466dbbf828a8e83c3f34d7311afcaf02e1d2408
- https://git.alpinelinux.org/aports/commit/?id=f6e99451d47fbe7cdb852f48dd11006808db52ae