CVE-2013-4554 — XEN vulnerability

CWE-2646 documents5 sources

Severity

5.2MEDIUMNVD

EPSS

0.2%

top 56.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedDec 24

Latest updateMay 17

Description

Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.

CVSS vector

AV:A/AC:L/C:P/I:P/A:PExploitability: 5.1 | Impact: 6.4

Affected Packages2 packages

▶NVDxen/xen34 versions+33

▶debiandebian/xen

🔴Vulnerability Details

GHSA

GHSA-qq83-rxpp-j7cv: Xen 3↗2022-05-17

▶

📋Vendor Advisories

Red Hat

kernel: xen: hypercalls exposed to privilege rings 1 and 2 of HVM guests↗2013-11-26

▶

Debian

CVE-2013-4554: xen - Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (p...↗2013

▶

💬Community

Bugzilla

CVE-2013-4554 kernel: xen: hypercalls exposed to privilege rings 1 and 2 of HVM guests [fedora-all]↗2013-11-26

▶

Bugzilla

CVE-2013-4554 kernel: xen: hypercalls exposed to privilege rings 1 and 2 of HVM guests↗2013-11-11

▶