CVE-2013-2195 — XEN vulnerability

CWE-18912 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 88.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedAug 23

Latest updateMay 17

Description

The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.3.0-1 (bookworm)

▶Debianxen/xen< 4.3.0-1+3

▶NVDxen/xen4.2.2+2

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-8xm4-2qhp-6g6g: The Elf parser (libelf) in Xen 4↗2022-05-17

▶

GHSA

GHSA-9cmh-g87c-qgh5: Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4↗2022-05-17

▶

OSV

CVE-2013-2196: Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4↗2013-08-23

▶

OSV

CVE-2013-2195: The Elf parser (libelf) in Xen 4↗2013-08-23

▶

📋Vendor Advisories

Red Hat

xen: Multiple vulnerabilities in libelf PV kernel handling↗2013-06-03

▶

Red Hat

xen: Multiple vulnerabilities in libelf PV kernel handling↗2013-06-03

▶

Debian

CVE-2013-2195: xen - The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrator...↗2013

▶

Debian

CVE-2013-2196: xen - Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and...↗2013

▶

💬Community

Bugzilla

CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 xen: Multiple vulnerabilities in libelf PV kernel handling [fedora-all]↗2013-06-04

▶

Bugzilla

CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 xen: Multiple vulnerabilities in libelf PV kernel handling↗2013-06-04

▶