SB2013062104 - Input validation error in xen (Alpine package)
Published: June 21, 2013
Security Bulletin ID
SB2013062104
CSH Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2013-2194)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=dac4485dfa4d8ae59e99caf4b911c196dc2b717f
- https://git.alpinelinux.org/aports/commit/?id=386d947eaf640de1a5515087a2b65d5960e5624b
- https://git.alpinelinux.org/aports/commit/?id=19901df1bcb30f294ee615cd161ba33d67c75771
- https://git.alpinelinux.org/aports/commit/?id=50869d41a1af768fb0c39ff2d059a8bec102bc91