Xen SAHF simulation Denial of Service Vulnerability

Release date:
Updated on:

Affected Systems:
RedHat Enterprise Linux Desktop v.5 client
RedHat Enterprise Linux 5 server
XenSource Xen 3.1.2
XenSource Xen 3.1.1
XenSource Xen 3.0.3
XenSource Xen 3.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49375
Cve id: CVE-2011-2519

Xen is an open-source Virtual Machine monitor developed by the University of Cambridge.

Xen has a denial-of-service vulnerability in the implementation of SAHF simulation. Local attackers can exploit this vulnerability to consume a large amount of memory in the host operating system and cause denial of service to legitimate users.

Because a fake address is referenced, the patch code can cause the management program to crash.

<* Source: Eugene Teo (eugeneteo@eugeneteo.net)

Link: https://bugzilla.redhat.com/show_bug.cgi? Id = 718882
Http://xenbits.xen.org/hg/xen-3.1-testing.hg/rev/15644
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

XenSource
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://xen.xensource.com/