CVE-2013-2072 — Improper Restriction of Operations within the Bounds of a Memory Buffer in XEN

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

7.4HIGHNVD

EPSS

0.4%

top 41.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux

Timeline

PublishedAug 28

Latest updateMay 17

Description

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 4.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.2.2-1 (bookworm)

▶Debianxen/xen< 4.2.2-1+3

▶NVDxen/xen14 versions+13

Also affects: Debian Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-fqgm-98vq-7hgr: Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4↗2022-05-17

▶

OSV

CVE-2013-2072: Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4↗2013-08-28

▶

📋Vendor Advisories

Red Hat

xen: Buffer overflow in xencontrol Python bindings affecting xend↗2013-05-17

▶

Debian

CVE-2013-2072: xen - Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4...↗2013

▶

💬Community

Bugzilla

CVE-2013-2072 xen: Buffer overflow in xencontrol Python bindings affecting xend [fedora-all]↗2013-05-17

▶

Bugzilla

CVE-2013-2072 xen: Buffer overflow in xencontrol Python bindings affecting xend↗2013-05-13

▶