Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Debian: DSA-3286-1 Moderate: Xen Denial Of Service Issues

debian
Calendar Grey June 13, 2015
Debian Logo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
Multiple security issues have been found in the Xen virtualisation solution: CVE-2015-3209

Summary

Multiple security issues have been found in the Xen virtualisation
solution:

CVE-2015-3209

Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet
emulation handles multi-TMD packets with a length above 4096 bytes.
A privileged guest user in a guest with an AMD PCNet ethernet card
enabled can potentially use this flaw to execute arbitrary code on
the host with the privileges of the hosting QEMU process.

CVE-2015-4103

Jan Beulich discovered that the QEMU Xen code does not properly
restrict write access to the host MSI message data field, allowing
a malicious guest to cause a denial of service.

CVE-2015-4104

Jan Beulich discovered that the QEMU Xen code does not properly
restrict access to PCI MSI mask bits, allowing a malicious guest to
cause a denial of service.

CVE-2015-4105

Jan Beulich reported that the QEMU Xen code enables logging for PCI
MSI-X pass-through error messages, allowing a malicious guest to
cause a denial of se...

Read the Full Advisory

Package: xen
CVE ID: CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.