Main Vulnerability Database SB2012120307

SB2012120307 - Input validation error in xen (Alpine package)

Published: December 3, 2012

Security Bulletin ID SB2012120307

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2012-5510)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=a11d8b693286b605b2dfa17cbd3556eac2b951a0
https://git.alpinelinux.org/aports/commit/?id=4be65a1c37ff21c3fec2e78bca2dd7b75dee98b9
https://git.alpinelinux.org/aports/commit/?id=02c9cf16cb335a73de4a175a8f9a451a4a19a1ed