Main Vulnerability Database SB2013011104

SB2013011104 - Configuration in xen (Alpine package)

Published: January 11, 2013

Security Bulletin ID SB2013011104

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Configuration (CVE-ID: CVE-2012-5634)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=583c334e3ee4a9ba5ea44250beee10a936780158
https://git.alpinelinux.org/aports/commit/?id=f8281e3365bc2fc99aa6232266c067585a0b83a9
https://git.alpinelinux.org/aports/commit/?id=5b4cf2b15d5a62c8ce00284410a099239d6935d2