vulnerability bulletin CVE-2013-0152
Xen: memory leak via Nested Virtualization
Synthesis of the vulnerability
An attacker who is an administrator in a guest system can use the Nested Virtualization feature to stop the Xen host system.
Impacted products:
Fedora, Unix (platform).
BID-57494, CERTA-2013-AVI-060, CVE-2013-0152, FEDORA-2013-1434, VIGILANCE-VUL-12348, XSA-35.
Description of the vulnerability
The Nested Virtualization feature is used to start a virtual machine inside another virtual machine.
However, when a guest system enables Nested Virtualization, a memory area is allocated but never freed.
An attacker who is an administrator in a guest system can therefore use the Nested Virtualization feature to stop the Xen host system.