Release date:
Updated on: 2013-02-27
 
Affected Systems:
XenSource Xen
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57740
CVE (CAN) ID: CVE-2013-0231
 
Xen is an open-source virtual machine monitor developed by the University of Cambridge.
 
In Linux kernel 2.6.18 and 3.8, the pciback_enable_msi function in the Xen PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) allows guest OS users to cause a denial of service via a large number of kernel log messages.
 
<* Source: vendor
Link: http://www.openwall.com/lists/oss-security/2013/02/05/9
http://osvdb.org/89903
http://secunia.com/advisories/52059
*>
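
A defender-side check for the log flooding described above, as an added example that is not part of the original advisory or the vendor's code: it buckets dmesg-style lines by time window and reports any pciback message repeated more than a threshold. The sample log lines, the function names, the 5-second window and the threshold of 20 are assumptions.

```python
import re
from collections import Counter

# dmesg-style line: "[ 1200.000123] message text"
LINE = re.compile(r"^\[\s*(\d+)\.\d+\]\s+(.*)$")


def template(msg):
    """Collapse digit runs so repeats of one message share a key."""
    return re.sub(r"\d+", "N", msg)


def find_floods(log_text, needle="pciback", window=5, threshold=20):
    """Return sorted (window_start_sec, template, count) tuples for every
    message containing `needle` that repeats more than `threshold` times
    inside one `window`-second bucket."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or needle not in m.group(2):
            continue
        bucket = int(m.group(1)) // window * window
        counts[(bucket, template(m.group(2)))] += 1
    return sorted((b, t, n) for (b, t), n in counts.items() if n > threshold)


def constructed_sample():
    """Constructed log: message wording is illustrative, not the driver's."""
    lines = ["[ 1190.100000] pciback 0000:03:00.0: constructed attach message"]
    lines += [
        f"[ 1200.{i:06d}] pciback 0000:03:00.0: constructed MSI message, guest 7"
        for i in range(300)
    ]
    lines.append("[ 1203.500000] eth0: constructed unrelated message")
    return "\n".join(lines)


if __name__ == "__main__":
    for start, tmpl, n in find_floods(constructed_sample()):
        print(f"t={start}s  {n} repeats  {tmpl}")
```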
 
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
XenSource
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
http://xen.xensource.com/
 
xsa43-pvops.patch       Apply to mainline Linux 3.8-rc5.
xsa43-classic.patch     Apply to linux-2.6.18-xen tree.
 
$ sha256sum xsa43*.patch
✓ xsa43-classic.patch
6efe83c9951dcba20f18095814d10989e19230c6876bbdab32cc2f1165bb07c8 xsa43-pvops.patch
$