Xen arch_set_info_guest() Bug Lets Local Users Deny Service
|
|
SecurityTracker Alert ID: 1025226 |
|
SecurityTracker URL: http://securitytracker.com/id/1025226
|
|
CVE Reference:
CVE-2011-1166
(Links to External Site)
|
Date: Mar 17 2011
|
Impact:
Denial of service via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Xen. A local user on a guest operating system can cause denial of service conditions on the host operating system.
A local user on a 64-bit guest operating system can trigger a flaw in arch_set_info_guest() to cause the target host operating system to hang.
The vulnerability resides in 'xen/arch/x86/domain.c'.
64-bit versions are affected.
Jan Beulich reported this vulnerability.
|
Impact:
A local user on a guest operating system can cause denial of service conditions on the target host operating system.
|
Solution:
The vendor has issued a source code fix, available at:
http://xenbits.xen.org/hg/staging/xen-4.0-testing.hg/diff/ee088a0b5cb8/xen/arch/x86/domain.c
|
Vendor URL: www.xen.org/ (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Linux (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 17 Mar 2011 20:05:39 +0000
Subject: Xen
|
CVE-2011-1166
https://bugzilla.novell.com/show_bug.cgi?id=679344
|
|
