CVE-2013-1432 — XEN vulnerability

CWE-3997 documents6 sources

Severity

7.4HIGHNVD

EPSS

0.4%

top 38.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedAug 28

Latest updateMay 17

Description

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 4.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.3.0-1 (bookworm)

▶Debianxen/xen< 4.3.0-1+3

▶NVDxen/xen9 versions+8

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-qh8v-6pfv-7hfc: Xen 4↗2022-05-17

▶

OSV

CVE-2013-1432: Xen 4↗2013-08-28

▶

📋Vendor Advisories

Red Hat

kernel: xen: Page reference counting error due to XSA-45/CVE-2013-1918 fixes↗2013-06-26

▶

Debian

CVE-2013-1432: xen - Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly mainta...↗2013

▶

💬Community

Bugzilla

CVE-2013-1432 kernel: xen: Page reference counting error due to XSA-45/CVE-2013-1918 fixes [fedora-all]↗2013-06-26

▶

Bugzilla

CVE-2013-1432 kernel: xen: Page reference counting error due to XSA-45/CVE-2013-1918 fixes↗2013-06-13

▶