CVE-2013-2211 — XEN vulnerability

CWE-2647 documents6 sources

Severity

7.4HIGHNVD

EPSS

0.2%

top 53.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedAug 28

Latest updateMay 17

Description

The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 4.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.3.0-1 (bookworm)

▶Debianxen/xen< 4.3.0-1+3

▶NVDxen/xen14 versions+13

🔴Vulnerability Details

GHSA

GHSA-446j-5cq2-4x7c: The libxenlight (libxl) toolstack library in Xen 4↗2022-05-17

▶

OSV

CVE-2013-2211: The libxenlight (libxl) toolstack library in Xen 4↗2013-08-28

▶

📋Vendor Advisories

Red Hat

xen: libxl allows guest write access to sensitive console related xenstore keys↗2013-06-20

▶

Debian

CVE-2013-2211: xen - The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses we...↗2013

▶

💬Community

Bugzilla

CVE-2013-2211 xen: libxl allows guest write access to sensitive console related xenstore keys [fedora-all]↗2013-06-21

▶

Bugzilla

CVE-2013-2211 xen: libxl allows guest write access to sensitive console related xenstore keys↗2013-06-06

▶