Main Vulnerability Database Vulnerabilities #VU42178

Input validation error in Xen - CVE-2011-1936

Published: January 7, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU42178

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-1936

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Xen Project

Affected software:
Xen

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors.

How to mitigate CVE-2011-1936

Install update from vendor's website.

Sources

http://rhn.redhat.com/errata/RHSA-2011-0927.html
http://www.openwall.com/lists/oss-security/2011/07/07/3

Input validation error in Xen - CVE-2011-1936

Detailed vulnerability description

How to mitigate CVE-2011-1936

Sources

Please verify you're human