- Home
- CVEs with nessus.description==Three security issues were found in XEN.
Two security issues are fixed by this update :
- Due to incorrect fault handling in the XEN hypervisor it
was possible for a XEN guest domain administrator to
execute code in the XEN host environment.
(CVE-2012-0217)
- Also a guest user could crash the guest XEN kernel due
to a protection fault bounce. The third fix is changing
the Xen behaviour on certain hardware:. (CVE-2012-0218)
- The issue is a denial of service issue on older pre-SVM
AMD CPUs (AMD Erratum 121). AMD Erratum #121 is
described in 'Revision Guide for AMD Athlon 64 and AMD
Opteron Processors':
http://support.amd.com/us/Processor_TechDocs/25759.pdf.
(CVE-2012-2934)
The following 130nm and 90nm (DDR1-only) AMD processors
are subject to this erratum :
- First-generation AMD-Opteron(tm) single and dual core
processors in either 939 or 940 packages :
- AMD Opteron(tm) 100-Series Processors
- AMD Opteron(tm) 200-Series Processors
- AMD Opteron(tm) 800-Series Processors
- AMD Athlon(tm) processors in either 754, 939 or 940
packages
- AMD Sempron(tm) processor in either 754 or 939 packages
- AMD Turion(tm) Mobile Technology in 754 package This
issue does not effect Intel processors.
The impact of this flaw is that a malicious PV guest
user can halt the host system.
As this is a hardware flaw, it is not fixable except by
upgrading your hardware to a newer revision, or not
allowing untrusted 64bit guestsystems.
The patch changes the behaviour of the host system
booting, which makes it unable to create guest machines
until a specific boot option is set.
There is a new XEN boot option 'allow_unsafe' for GRUB
which allows the host to start guests again.
This is added to /boot/grub/menu.lst in the line looking
like this :
kernel /boot/xen.gz .... allow_unsafe
Note: .... in this example represents the existing boot
options for the host.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top