Main Vulnerability Database SB2013041807

SB2013041807 - Permissions, Privileges, and Access Controls in xen (Alpine package)

Published: April 18, 2013

Security Bulletin ID SB2013041807

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-1919)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=6665cdadf07a7dc49d8e128fc8cdd368751c2bef
https://git.alpinelinux.org/aports/commit/?id=8c7a03b0e4c14ef5142e44a733ef2b39816c1d18