Permissions, Privileges, and Access Controls in Xen - CVE-2013-4356

 


Published: October 10, 2013 / Updated: August 10, 2020


Vulnerability identifier: #VU42477
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-4356
CWE-ID: CWE-264
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Xen Project
Affected software:
Xen

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash).


How to mitigate CVE-2013-4356

Install the update from the vendor's website.
