SB2012111606 - Resource management error in xen (Alpine package)
Published: November 16, 2012
Security Bulletin ID
SB2012111606
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2012-4535)
The vulnerability allows a local non-authenticated attacker to perform service disruption.
Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=119185999980a6a6a78506a6b49e1a70ab55ad03
- https://git.alpinelinux.org/aports/commit/?id=a11d8b693286b605b2dfa17cbd3556eac2b951a0
- https://git.alpinelinux.org/aports/commit/?id=4be65a1c37ff21c3fec2e78bca2dd7b75dee98b9
- https://git.alpinelinux.org/aports/commit/?id=22809ecb412e53ecc84ef1213fcdfc3afa124909
- https://git.alpinelinux.org/aports/commit/?id=4bd4328e3ebf6e35bc5cb2be9d2904efec0f50e1