SB2014082504 - Resource management error in xen (Alpine package)
Published: August 25, 2014
Security Bulletin ID
SB2014082504
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2014-5149)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=695a72617ae53a60aaefe8567f3e245882e5d6b8
- https://git.alpinelinux.org/aports/commit/?id=34cd3222cc7f54f16d6de20f5c5868a69c0edc4b
- https://git.alpinelinux.org/aports/commit/?id=9a7a36301a933b7cb457c5d81ecc31c4667d2668
- https://git.alpinelinux.org/aports/commit/?id=deffb3e9dbc9198afd2ea6c8e648a32a574a0056