DSA-2666-1 xen -- severalID: oval:org.secpod.oval:def:601013 | Date: (C)2013-05-14 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1918 Several long latency operations are not preemptible Some page table manipulation operations for PV guests were not made preemptible, allowing a malicious or buggy PV guest kernel to mount a denial of service attack affecting the whole system. CVE-2013-1952 VT-d interrupt remapping source validation flaw for bridges Due to missing source validation on interrupt remapping table entries for MSI interrupts set up by bridge devices, a malicious domain with access to such a device, can mount a denial of service attack affecting the whole system. CVE-2013-1964 grant table hypercall acquire/release imbalance When releasing a particular, non-transitive grant after doing a grant copy operation Xen incorrectly releases an unrelated grant reference, leading possibly to a crash of the host system. Furthermore information leakage or privilege escalation cannot be ruled out.
Platform: |
Debian 7.0 |
Debian 6.0 |