All errata/sisyphus/ALT-PU-2014-3202-1
ALT-PU-2014-3202-1

Package update xen in branch sisyphus

Version4.4.0-alt1
Task#116230
Published2014-03-11
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2013-4494
MEDIUM5.2

Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.

Published: 2013-11-02Modified: 2026-04-29
CVSS 2.0MEDIUM 5.2
CVSS:2.0/AV:A/AC:M/Au:S/C:N/I:N/A:C
References
CVE-2015-8552
MEDIUM4.4

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."

Published: 2016-04-13Modified: 2025-04-12
CVSS 2.0LOW 1.7
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 4.4
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References