CVE-2013-4329 — XEN vulnerability

CWE-2647 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 62.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedSep 12

Latest updateMay 17

Description

The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction.

CVSS vector

AV:A/AC:H/C:C/I:C/A:CExploitability: 2.5 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.3.0-1 (bookworm)

▶Debianxen/xen< 4.3.0-1+3

▶NVDxen/xen15 versions+14

Patches

Patch: lists.xen.org ↗Patch: lists.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-m6p7-5mj3-hmp2: The xenlight library (libxl) in Xen 4↗2022-05-17

▶

OSV

CVE-2013-4329: The xenlight library (libxl) in Xen 4↗2013-09-12

▶

📋Vendor Advisories

Red Hat

xen: libxl partially sets up HVM passthrough even with disabled iommu↗2013-09-10

▶

Debian

CVE-2013-4329: xen - The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled,...↗2013

▶

💬Community

Bugzilla

CVE-2013-4329 xen: libxl partially sets up HVM passthrough even with disabled iommu [fedora-all]↗2013-09-10

▶

Bugzilla

CVE-2013-4329 xen: libxl partially sets up HVM passthrough even with disabled iommu↗2013-09-10

▶