CVE-2013-1919 — XEN vulnerability

CWE-2647 documents6 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 73.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedMay 13

Latest updateMay 17

Description

Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.4-3 (bookworm)

▶Debianxen/xen< 4.1.4-3+3

▶NVDxen/xen9 versions+8

🔴Vulnerability Details

GHSA

GHSA-h9vg-xq6f-567v: Xen 4↗2022-05-17

▶

OSV

CVE-2013-1919: Xen 4↗2013-05-13

▶

📋Vendor Advisories

Red Hat

kernel: xen: Several access permission issues with IRQs for unprivileged guests↗2013-04-18

▶

Debian

CVE-2013-1919: xen - Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows loca...↗2013

▶

💬Community

Bugzilla

CVE-2013-1919 kernel: xen: Several access permission issues with IRQs for unprivileged guests [fedora-all]↗2013-04-18

▶

Bugzilla

CVE-2013-1919 kernel: xen: Several access permission issues with IRQs for unprivileged guests↗2013-04-10

▶