Main Vulnerability Database SB2013041806

SB2013041806 - Input validation error in xen (Alpine package)

Published: April 18, 2013

Security Bulletin ID SB2013041806

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2013-1917)

The vulnerability allows a local non-authenticated attacker to perform service disruption.

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=6665cdadf07a7dc49d8e128fc8cdd368751c2bef
https://git.alpinelinux.org/aports/commit/?id=8c7a03b0e4c14ef5142e44a733ef2b39816c1d18