Security Information / 2011 / Security Information -- DSA-2337-1 xen

Debian Security Advisory

DSA-2337-1 xen -- several vulnerabilities

Date Reported:

06 Nov 2011

Affected Packages:

xen

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-1166, CVE-2011-1583, CVE-2011-1898, CVE-2011-3262.

More information:

Several vulnerabilities were discovered in the Xen virtual machine hypervisor.

• CVE-2011-1166

  A 64-bit guest can get one of its vCPUs into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system.

• CVE-2011-1583, CVE-2011-3262

  Local users can cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image.

• CVE-2011-1898

  When using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, guest OS users can gain host OS privileges by writing to the interrupt injection registers.

The oldstable distribution (lenny) contains a different version of Xen not affected by these problems.

For the stable distribution (squeeze), this problem has been fixed in version 4.0.1-4.

For the testing (wheezy) and unstable distribution (sid), this problem has been fixed in version 4.1.1-1.

We recommend that you upgrade your xen packages.