SB2012112307 - Multiple vulnerabilities in Xen 




Published: November 23, 2012
Updated: August 11, 2020

Security Bulletin ID: SB2012112307
Severity: High
Patch available: NO
Number of vulnerabilities: 11
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 18% Medium 64% Low 18%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2013-0154)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.


2) Resource management error (CVE-ID: CVE-2012-6333)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.


3) Input validation error (CVE-ID: CVE-2012-5525)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read.


4) Input validation error (CVE-ID: CVE-2012-6030)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allows local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.


5) Input validation error (CVE-ID: CVE-2012-6031)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allows local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.


6) Input validation error (CVE-ID: CVE-2012-6032)

The vulnerability allows local guest OS users to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (memory corruption and host crash) via unspecified vectors.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-6033)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.


8) Input validation error (CVE-ID: CVE-2012-6034)

The vulnerability allows local guest OS users to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors.


9) Input validation error (CVE-ID: CVE-2012-6035)

The vulnerability allows local guest OS users to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors.


10) Input validation error (CVE-ID: CVE-2012-6036)

The vulnerability allows local guest OS users to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors.


11) Information disclosure (CVE-ID: CVE-2012-4411)

The vulnerability allows a local guest OS administrator to gain access to sensitive information.

The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.
