Debian Security Advisory
DSA-2666-1 xen -- several vulnerabilities
- Date Reported:
- 12 May 2013
- Affected Packages:
- xen
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-1918, CVE-2013-1952, CVE-2013-1964.
- More information:
-
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2013-1918
(XSA 45) several long latency operations are not preemptible.
Some page table manipulation operations for PV guests were not made preemptible, allowing a malicious or buggy PV guest kernel to mount a denial of service attack affecting the whole system.
- CVE-2013-1952
(XSA 49) VT-d interrupt remapping source validation flaw for bridges.
Due to missing source validation on interrupt remapping table entries for MSI interrupts set up by bridge devices, a malicious domain with access to such a device can mount a denial of service attack affecting the whole system.
- CVE-2013-1964
(XSA 50) grant table hypercall acquire/release imbalance.
When releasing a particular, non-transitive grant after doing a grant copy operation, Xen incorrectly releases an unrelated grant reference, leading possibly to a crash of the host system. Furthermore information leakage or privilege escalation cannot be ruled out.
For the oldstable distribution (squeeze), these problems have been fixed in version 4.0.1-5.11.
For the stable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u1.
For the testing distribution (jessie), these problems have been fixed in version 4.1.4-4.
For the unstable distribution (sid), these problems have been fixed in version 4.1.4-4.
Note that for the stable (wheezy), testing and unstable distribution, CVE-2013-1964 (XSA 50) was already fixed in version 4.1.4-3.
We recommend that you upgrade your xen packages.
- CVE-2013-1918