CVE-2013-0215 — XEN vulnerability

CWE-2647 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 70.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedMar 7

Latest updateMay 5

Description

oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.

CVSS vector

AV:A/AC:M/C:P/I:N/A:PExploitability: 5.5 | Impact: 4.9

Affected Packages2 packages

▶NVDxen/xen7 versions+6

▶debiandebian/xen

🔴Vulnerability Details

GHSA

GHSA-x2r5-665w-2mrf: oxenstored in Xen 4↗2022-05-05

▶

📋Vendor Advisories

Red Hat

xen: oxenstored incorrect handling of certain Xenbus ring states↗2013-02-05

▶

Debian

CVE-2013-0215: xen - oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider ...↗2013

▶

💬Community

Bugzilla

CVE-2013-0215 xen: oxenstored incorrect handling of certain Xenbus ring states [fedora-all]↗2013-02-05

▶

Bugzilla

CVE-2013-0215 xen: oxenstored incorrect handling of certain Xenbus ring states↗2013-01-31

▶

Bugzilla

CVE-2013-0186 ManageIQ EVM: Stored XSS↗2013-01-15

▶