Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Xen
Опубликовано:11 марта 2013 г.
Источник:
SecurityVulns ID:12940
Тип:локальная
Уровень опасности:
5/10
Описание:Различные DoS-условия.
CVE:CVE-2013-0153 (The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.)
 CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.)
 CVE-2012-5511 (Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.)
 CVE-2012-4544 (The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2636-1] xen security update (11.03.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород