SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Citrix XenServer Vendors:   Citrix
(Citrix Issues Fix for Citrix XenServer) Xen AMD CPU Bug May Let Local Guest Users Deny Service on the Host System
SecurityTracker Alert ID:  1029665
SecurityTracker URL:  http://securitytracker.com/id/1029665
CVE Reference:   CVE-2013-6885   (Links to External Site)
Date:  Jan 22 2014
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.6, 6.0, 6.1, 6.2
Description:   A vulnerability was reported in Xen. A local user on the guest operating system can cause denial of service conditions on the target host operating system. Citrix XenServer is affected.

A local administrative user on the guest operating system can trigger a flaw in AMD-based CPUs to cause a CPU core to hang and the target host system to crash.

The underlying vulnerability is described in AMD CPU erratum 793 ("Specific Combination of Writes to Write Combined Memory Types and Locked Instructions May Cause Core Hang").

Xen versions 3.3 and later running on family 16h model 00h-0fh AMD CPUs are affected.

Jan Beulich reported this vulnerability.

Impact:   A local user on the guest operating system can cause the target host operating system to crash.
Solution:   Citrix has issued a fix for Citrix XenServer.

The Citrix advisory is available at:

http://support.citrix.com/article/CTX140038

Vendor URL:  www.xen.org/ (Links to External Site)
Cause:   State error

Message History:   This archive entry is a follow-up to the message listed below.
Dec 2 2013 Xen AMD CPU Bug May Let Local Guest Users Deny Service on the Host System



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC