SB2015090301 - Multiple vulnerabilities in Xen
Published: September 3, 2015 Updated: August 9, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2015-7311)
The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-6654)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest.
Remediation
Install update from vendor's website.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167077.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
- http://www.debian.org/security/2015/dsa-3414
- http://www.securityfocus.com/bid/76823
- http://www.securitytracker.com/id/1033633
- http://xenbits.xen.org/xsa/advisory-142.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1257893
- https://security.gentoo.org/glsa/201604-03
- http://www.securitytracker.com/id/1033438
- http://xenbits.xen.org/xsa/advisory-141.html