CVE-2013-0154 — Reachable Assertion in XEN

5 documents5 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 77.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedJan 12

Latest updateMay 5

Description

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages2 packages

▶NVDxen/xen4.2.0

▶debiandebian/xen

🔴Vulnerability Details

GHSA

GHSA-mwjq-35h5-gw9f: The get_page_type function in xen/arch/x86/mm↗2022-05-05

▶

📋Vendor Advisories

Red Hat

kernel: xen: Hypervisor crash due to incorrect ASSERT (debug build only)↗2013-01-04

▶

Debian

CVE-2013-0154: xen - The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is en...↗2013

▶

💬Community

Bugzilla

CVE-2013-0154 kernel: xen: Hypervisor crash due to incorrect ASSERT (debug build only)↗2013-01-07

▶