
Debian: DSA-2666-1 Critical: Xen Denial of Service Risks

May 12, 2013
A series of weaknesses in the Xen hypervisor exposes it to potential remote exploits. Immediate upgrade is advised to incorporate security fixes in Ubuntu.

Summary

Multiple vulnerabilities have been discovered in the Xen hypervisor. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2013-1918 (XSA 45) Several long latency operations are not preemptible

Some page table manipulation operations for PV guests were not made
preemptible, allowing a malicious or buggy PV guest kernel to mount a
denial of service attack affecting the whole system.

CVE-2013-1952 (XSA 49) VT-d interrupt remapping source validation flaw for bridges

Due to missing source validation on interrupt remapping table
entries for MSI interrupts set up by bridge devices, a malicious
domain with access to such a device can mount a denial of service
attack affecting the whole system.

CVE-2013-1964 (XSA 50) grant table hypercall acquire/release imbalance

When releasing a particular, non-transitive grant after doing a grant
copy operation, Xen incorrectly releases an unrelated grant
reference, leading possibly to a crash of...


Severity: critical

Package: xen
CVE ID: CVE-2013-1918, CVE-2013-1952, CVE-2013-1964
