CVE-2013-6375 — XEN vulnerability

CWE-2647 documents6 sources

Severity

7.9HIGHNVD

EPSS

0.6%

top 29.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Opensuse

Timeline

PublishedNov 23

Latest updateMay 14

Description

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages4 packages

▶debiandebian/xen< xen 4.4.0-1 (bookworm)

▶Debianxen/xen< 4.4.0-1+3

▶NVDxen/xen5 versions+4

▶NVDopensuse/opensuse13.1

🔴Vulnerability Details

GHSA

GHSA-2xpm-w5mr-rm8m: Xen 4↗2022-05-14

▶

OSV

CVE-2013-6375: Xen 4↗2013-11-23

▶

📋Vendor Advisories

Red Hat

xen: Insufficient TLB flushing in VT-d (iommu) code↗2013-11-20

▶

Debian

CVE-2013-6375: xen - Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properl...↗2013

▶

💬Community

Bugzilla

CVE-2013-6375 xen: Insufficient TLB flushing in VT-d (iommu) code↗2013-11-21

▶

Bugzilla

CVE-2013-6375 xen: Insufficient TLB flushing in VT-d (iommu) code [fedora-all]↗2013-11-21

▶