Все бюллетени/sisyphus/ALT-PU-2014-3202-1
ALT-PU-2014-3202-1

Обновление пакета xen в ветке sisyphus

Версия4.4.0-alt1
Задание#116230
Опубликовано2014-03-11
Макс. серьёзностьMEDIUM
Серьёзность:

Закрытые проблемы (2)

CVE-2013-4494
MEDIUM5.2

Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.

Опубликовано: 2013-11-02Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 5.2
CVSS:2.0/AV:A/AC:M/Au:S/C:N/I:N/A:C
Ссылки
CVE-2015-8552
MEDIUM4.4

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."

Опубликовано: 2016-04-13Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 1.7
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xСРЕДНЯЯ 4.4
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Ссылки