SB2012090708 - SUSE Linux update for Xen

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2012090708

SB2012090708 - SUSE Linux update for Xen

Published: September 7, 2012

Security Bulletin ID SB2012090708
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-3494)

The vulnerability allows a local non-authenticated attacker to perform service disruption.

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.


2) Input validation error (CVE-ID: CVE-2012-3495)

The vulnerability allows a local non-authenticated attacker to #BASIC_IMPACT#.

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.


3) Configuration (CVE-ID: CVE-2012-3496)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.


4) Input validation error (CVE-ID: CVE-2012-3498)

The vulnerability allows a local non-authenticated attacker to #BASIC_IMPACT#.

PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.


5) Input validation error (CVE-ID: CVE-2012-3515)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."


Remediation

Install update from vendor's website.

References