Computer Security
[EN] securityvulns.ru no-pyccku


Xen security vulnerabilities
Published:05.06.2013
Source:
SecurityVulns ID:13110
Type:local
Threat Level:
5/10
Description:DoS, information leakage, privilege escalation.
Affected:XEN : Xen 4.0
 XEN : Xen 4.1
CVE:CVE-2013-1964 (Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors.)
 CVE-2013-1952 (Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.)
 CVE-2013-1918 (Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal.")
Original documentdocumentDEBIAN, [SECURITY] [DSA 2666-1] xen security update (05.06.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod