CVE-2013-4370 — Improper Restriction of Operations within the Bounds of a Memory Buffer in XEN

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 75.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedOct 17

Latest updateMay 17

Description

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/xen< xen 4.4.0-1 (bookworm)

▶Debianxen/xen< 4.4.0-1+3

▶NVDxen/xen5 versions+4

🔴Vulnerability Details

GHSA

GHSA-w68m-2vpj-2rjg: The ocaml binding for the xc_vcpu_getaffinity function in Xen 4↗2022-05-17

▶

OSV

CVE-2013-4370: The ocaml binding for the xc_vcpu_getaffinity function in Xen 4↗2013-10-17

▶

📋Vendor Advisories

Red Hat

xen: misplaced free in ocaml xc_vcpu_getaffinity stub (XSA-69)↗2013-10-10

▶

Debian

CVE-2013-4370: xen - The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x fr...↗2013

▶

💬Community

Bugzilla

CVE-2013-4371 CVE-2013-4370 CVE-2013-4368 CVE-2013-4369 CVE-2013-4375 xen: various flaws [fedora-all]↗2013-10-10

▶

Bugzilla

CVE-2013-4370 xen: misplaced free in ocaml xc_vcpu_getaffinity stub (XSA-69)↗2013-09-26

▶