SB2012111608 - Input validation error in xen (Alpine package)
Published: November 16, 2012
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2012-4538)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=119185999980a6a6a78506a6b49e1a70ab55ad03
- https://git.alpinelinux.org/aports/commit/?id=a11d8b693286b605b2dfa17cbd3556eac2b951a0
- https://git.alpinelinux.org/aports/commit/?id=4be65a1c37ff21c3fec2e78bca2dd7b75dee98b9
- https://git.alpinelinux.org/aports/commit/?id=22809ecb412e53ecc84ef1213fcdfc3afa124909
- https://git.alpinelinux.org/aports/commit/?id=4bd4328e3ebf6e35bc5cb2be9d2904efec0f50e1