SB2012061209 - Input validation error in xen (Alpine package)




Published: June 12, 2012

Security Bulletin ID SB2012061209
Severity Low
Patch available YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2006-0744)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The Linux kernel before 2.6.16.5 does not properly handle non-canonical return addresses on Intel EM64T CPUs. These CPUs report the exception at the SYSRET instruction instead of at the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.


Remediation

Install the update from the vendor's website.