CVE-2013-6375

HIGH

Description

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."

References

http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html

http://security.gentoo.org/glsa/glsa-201407-03.xml

http://www.openwall.com/lists/oss-security/2013/11/20/3

http://www.openwall.com/lists/oss-security/2013/11/21/1

http://www.securitytracker.com/id/1029369

Details

Source: MITRE

Published: 2013-11-23

Updated: 2018-10-30

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.9

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 5.5

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
91756 | OracleVM 3.2 : xen (OVMSA-2016-0081) | Nessus | OracleVM Local Security Checks | high
88171 | OracleVM 3.2 : xen (OVMSA-2016-0008) | Nessus | OracleVM Local Security Checks | high
76544 | GLSA-201407-03 : Xen: Multiple Vunlerabilities | Nessus | Gentoo Local Security Checks | high
71590 | Fedora 20 : xen-4.3.1-6.fc20 (2013-23251) | Nessus | Fedora Local Security Checks | high
71562 | SuSE 11.3 Security Update : Xen (SAT Patch Number 8588) | Nessus | SuSE Local Security Checks | high
71248 | Fedora 19 : xen-4.2.3-10.fc19 (2013-22325) | Nessus | Fedora Local Security Checks | high
71247 | Fedora 18 : xen-4.2.3-10.fc18 (2013-22312) | Nessus | Fedora Local Security Checks | high