CVE-2013-4371: Use After Free in XEN

Severity: 4.4 MEDIUM (NVD)
EPSS: 0.1% (top 75.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published Oct 17; latest update May 17

Description

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors.
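The realloc-failure pattern the description refers to, as an added example that is not Xen's libxl code: a constructed stand-in lister that, under a simulated memory-pressure hook, frees its partial list when realloc fails yet still returns the stale pointer, beside the hardened form that returns NULL instead. The names pool_info, pressured_realloc, list_pools_vulnerable, list_pools_fixed and returns_freed_pointer are hypothetical.

```c
#include <stdlib.h>
/* Constructed stand-in for a cpupool record; not Xen's libxl_cpupoolinfo. */
typedef struct { int poolid; } pool_info;

/* "Memory pressure" hook: -1 = unlimited; n = allow n realloc() successes, then fail once. */
static int realloc_budget = -1;

static void *pressured_realloc(void *p, size_t n) {
    if (realloc_budget == 0) { realloc_budget = -1; return NULL; }
    if (realloc_budget > 0) realloc_budget--;
    return realloc(p, n);
}

/* Vulnerable pattern: on realloc failure the partial list is freed, but the
 * now-dangling pointer is still returned, so the caller reads freed memory. */
pool_info *list_pools_vulnerable(int npools, int *count) {
    pool_info *ptr = NULL;
    for (int i = 0; i < npools; i++) {
        pool_info *tmp = pressured_realloc(ptr, sizeof(*ptr) * (i + 1));
        if (!tmp) {
            free(ptr); *count = i;
            return ptr;           /* stale pointer escapes to the caller (UAF) */
        }
        ptr = tmp; ptr[i].poolid = i;
    }
    *count = npools;
    return ptr;
}

/* Hardened form: free the partial list and report failure with NULL and a
 * zero count, so a freed pointer never reaches the caller. */
pool_info *list_pools_fixed(int npools, int *count) {
    pool_info *ptr = NULL;
    for (int i = 0; i < npools; i++) {
        pool_info *tmp = pressured_realloc(ptr, sizeof(*ptr) * (i + 1));
        if (!tmp) { free(ptr); *count = 0; return NULL; }
        ptr = tmp; ptr[i].poolid = i;
    }
    *count = npools;
    return ptr;
}

/* Harness: make the second realloc fail and report whether the lister still
 * hands back a non-NULL (freed) pointer; it is never dereferenced or freed. */
int returns_freed_pointer(pool_info *(*lister)(int, int *)) {
    int n = 0;
    realloc_budget = 1;   /* first realloc succeeds, second fails */
    return lister(3, &n) != NULL;
}
```

Building with AddressSanitizer and dereferencing what the vulnerable lister returns is the quickest way to see the heap-use-after-free report a caller of the original code would have hit.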

CVSS vector: AV:L/AC:M/C:P/I:P/A:P
Exploitability: 3.4 | Impact: 6.4

Affected Packages (3 packages)

Debian debian/xen: < xen 4.4.0-1 (bookworm)
Debian xen/xen: < 4.4.0-1 (+3)
NVD xen/xen: 5 versions (+4)

🔴 Vulnerability Details (2)

GHSA: GHSA-3hjr-2qmj-c4wj: Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4 (2022-05-17)
OSV: CVE-2013-4371: Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4 (2013-10-17)

📋 Vendor Advisories (2)

Red Hat: xen: use-after-free in libxl_list_cpupool under memory pressure (XSA-70) (2013-10-10)
Debian: CVE-2013-4371: xen - Use-after-free vulnerability in the libxl_list_cpupool function in the libxl too... (2013)

💬 Community (2)

Bugzilla: CVE-2013-4371 CVE-2013-4370 CVE-2013-4368 CVE-2013-4369 CVE-2013-4375 xen: various flaws [fedora-all] (2013-10-10)
Bugzilla: CVE-2013-4371 xen: use-after-free in libxl_list_cpupool under memory pressure (XSA-70) (2013-09-26)