CVE-2013-4356

medium
Description

Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash).

References

http://secunia.com/advisories/54962

http://security.gentoo.org/glsa/glsa-201407-03.xml

http://www.openwall.com/lists/oss-security/2013/09/30/2

http://www.securityfocus.com/bid/62709

Details

Source: MITRE

Published: 2013-10-09

Updated: 2017-01-07

Type: CWE-264

Risk Information

CVSS v2

Base Score: 5.4

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 5.5

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
76544 | GLSA-201407-03 : Xen: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | high
70421 | Fedora 20 : xen-4.3.0-7.fc20 (2013-18300) | Nessus | Fedora Local Security Checks | medium