SB2013062502 - SUSE Linux update for Xen




Published: June 25, 2013

Security Bulletin ID: SB2013062502
Severity: High
Patch available: YES
Number of vulnerabilities: 10
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 10% Medium 20% Low 70%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2013-1917)

The vulnerability allows a local non-authenticated attacker to cause a service disruption.

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.


2) Buffer overflow (CVE-ID: CVE-2013-1918)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal."


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-1919)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

Xen 4.2.x and 4.1.x do not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."


4) Use-after-free (CVE-ID: CVE-2013-1920)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing unspecified vectors. Local guest kernels can inject arbitrary events and gain privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.


5) Input validation error (CVE-ID: CVE-2013-1952)

The vulnerability allows a remote non-authenticated attacker to cause a service disruption.

Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.


6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-1964)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Xen 4.0.x and 4.1.x incorrectly release a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


7) Buffer overflow (CVE-ID: CVE-2013-2072)

The vulnerability allows a remote attacker to execute arbitrary code.

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.


8) Information disclosure (CVE-ID: CVE-2013-2076)

The vulnerability allows a remote attacker to gain access to sensitive information.

Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.


9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-2077)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

Xen 4.0.x, 4.1.x, and 4.2.x do not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.


10) Input validation error (CVE-ID: CVE-2013-2078)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.


Remediation

Install the update from the vendor's website.