CVE-2013-0152 — Missing Release of Memory after Effective Lifetime in XEN

CWE-3996 documents5 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 83.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedFeb 13

Latest updateMay 5

Description

Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled.

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages2 packages

▶NVDxen/xen4.2.0

▶debiandebian/xen

🔴Vulnerability Details

GHSA

GHSA-8fhh-36mp-w68w: Memory leak in Xen 4↗2022-05-05

▶

📋Vendor Advisories

Red Hat

kernel: xen: nested HVM host crash / OOM condition↗2013-01-22

▶

Debian

CVE-2013-0152: xen - Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of...↗2013

▶

💬Community

Bugzilla

CVE-2013-0151 CVE-2013-0152: kernel: xen: nested HVM host crash / OOM condition [fedora-all]↗2013-01-22

▶

Bugzilla

CVE-2013-0151 CVE-2013-0152: kernel: xen: nested HVM host crash / OOM condition↗2013-01-08

▶