Detections
Analytics
Alpine: multiple xen packages: security update to 4.1.0-r2 (deprecated)
critical Tenable Self-Hosted Container Security Plugin ID 401345
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local
users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest
kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read
in the loader involving unspecified length fields. (CVE-2011-1583)
- Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not
have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI
interrupts by writing to the interrupt injection registers." (CVE-2011-1898)
See Also
https://git.alpinelinux.org/aports/commit/?id=1bc5d9887db636672c205503bdace8f2a91f740b
https://git.alpinelinux.org/aports/commit/?id=b8039e011a8e4718343018cc2b9517a7fd878de0
Plugin Details
Severity: Critical
ID: 401345
Version: Revision 1.24
Type: Local
Published: 8/16/2023
Updated: 2/2/2026
Supported Sensors: Agentless Assessment
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.4
Temporal Score: 5.8
Vector: CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2011-1898
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2011-1583
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/2/2011
Vulnerability Publication Date: 5/9/2011
Reference Information
CVE: CVE-2011-1583, CVE-2011-1898