CVE-2013-1964 — XEN vulnerability

CWE-2647 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 77.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedMay 21

Latest updateMay 17

Description

Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.4-3 (bookworm)

▶Debianxen/xen< 4.1.4-3+3

▶NVDxen/xen11 versions+10

🔴Vulnerability Details

GHSA

GHSA-7g4x-7cf6-p5m9: Xen 4↗2022-05-17

▶

OSV

CVE-2013-1964: Xen 4↗2013-05-21

▶

📋Vendor Advisories

Red Hat

xen: grant table hypercall acquire/release imbalance↗2013-04-18

▶

Debian

CVE-2013-1964: xen - Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-...↗2013

▶

💬Community

Bugzilla

CVE-2013-1964 grant table hypercall acquire/release imbalance [fedora-all]↗2013-04-18

▶

Bugzilla

CVE-2013-1964 xen: grant table hypercall acquire/release imbalance↗2013-04-18

▶