Use-after-free in Xen - CVE-2013-1920
Published: April 13, 2013 / Updated: July 28, 2020
Vulnerability identifier: #VU32690
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-1920
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Xen
Xen
Software vendor:
Xen Project
Xen Project
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing unspecified vectors. A local guest kernels can inject arbitrary events and gain privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
External links
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html
- http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html
- http://osvdb.org/92050
- http://secunia.com/advisories/52857
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://www.openwall.com/lists/oss-security/2013/04/04/7
- http://www.securityfocus.com/bid/58880
- http://www.securitytracker.com/id/1028388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83226