CVE-2013-1432

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

http://secunia.com/advisories/55082

http://security.gentoo.org/glsa/glsa-201309-24.xml

http://support.citrix.com/article/CTX138134

http://www.debian.org/security/2014/dsa-3006

http://www.openwall.com/lists/oss-security/2013/06/26/5

Details

Source: MITRE

Published: 2013-08-28

Updated: 2017-06-30

Type: CWE-399

Risk Information

CVSS v2

Base Score: 7.4

Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.4

Severity: HIGH

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
84140OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)NessusOracleVM Local Security Checks
low
83616SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)NessusSuSE Local Security Checks
high
83602SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2013:1774-1)NessusSuSE Local Security Checks
high
79521OracleVM 2.2 : xen (OVMSA-2013-0074)NessusOracleVM Local Security Checks
high
79514OracleVM 3.2 : xen (OVMSA-2013-0059)NessusOracleVM Local Security Checks
high
79513OracleVM 3.1 : xen (OVMSA-2013-0057)NessusOracleVM Local Security Checks
high
79512OracleVM 3.2 : xen (OVMSA-2013-0056)NessusOracleVM Local Security Checks
high
77240Debian DSA-3006-1 : xen - security updateNessusDebian Local Security Checks
high
75130openSUSE Security Update : xen (openSUSE-SU-2013:1404-1)NessusSuSE Local Security Checks
high
75129openSUSE Security Update : xen (openSUSE-SU-2013:1392-1)NessusSuSE Local Security Checks
high
70969SuSE 11.2 / 11.3 Security Update : Xen (SAT Patch Numbers 8478 / 8479)NessusSuSE Local Security Checks
high
70184GLSA-201309-24 : Xen: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
67328Fedora 18 : xen-4.2.2-10.fc18 (2013-11874)NessusFedora Local Security Checks
high
67327Fedora 17 : xen-4.1.5-9.fc17 (2013-11871)NessusFedora Local Security Checks
high
67326Fedora 19 : xen-4.2.2-10.fc19 (2013-11837)NessusFedora Local Security Checks
high