CVE-2013-1918: Improper Restriction of Operations within the Bounds of a Memory Buffer in XEN

Severity
4.7 MEDIUM (NVD)
EPSS
0.1%
top 73.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 13
Latest update: May 17

Description

Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal."

CVSS vector

AV:L/AC:M/C:N/I:N/A:C
Exploitability: 3.4 | Impact: 6.9

Affected Packages (3 packages)

debian: debian/xen < xen 4.1.4-4 (bookworm)
Debian: xen/xen < 4.1.4-4+3
NVD: xen/xen 9 versions+8

🔴 Vulnerability Details (2)

GHSA
GHSA-vpwm-gh3g-c2m8: Certain page table manipulation operations in Xen 4 (2022-05-17)
OSV
CVE-2013-1918: Certain page table manipulation operations in Xen 4 (2013-05-13)

📋 Vendor Advisories (3)

Red Hat
kernel: xen: Page reference counting error due to XSA-45/CVE-2013-1918 fixes (2013-06-26)
Red Hat
kernel: xen: Several long latency operations are not preemptible (2013-05-02)
Debian
CVE-2013-1918: xen - Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are ... (2013)

💬 Community (4)

Bugzilla
CVE-2013-1432 kernel: xen: Page reference counting error due to XSA-45/CVE-2013-1918 fixes [fedora-all] (2013-06-26)
Bugzilla
CVE-2013-1432 kernel: xen: Page reference counting error due to XSA-45/CVE-2013-1918 fixes (2013-06-13)
Bugzilla
CVE-2013-1918 kernel: xen: Several long latency operations are not preemptible [fedora-all] (2013-05-02)
Bugzilla
CVE-2013-1918 kernel: xen: Several long latency operations are not preemptible (2013-04-24)