Lucene search

PRIOn knowledge basePRION:CVE-2013-1920

HistoryApr 12, 2013 - 10:55 p.m.

Design/Logic Flaw

2013-04-1222:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.2%

JSON

Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running “under memory pressure” and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors.

CPENameOperatorVersion
xeneq3.2.0
xeneq3.2.1
xeneq3.0.4
xeneq3.4.0
xeneq4.0.4
xeneq4.0.2
xeneq3.3.2
xeneq4.1.2
xeneq3.2.2
xeneq3.4.4

Name	Operator	Version
xen	eq	3.2.0
xen	eq	3.2.1
xen	eq	3.0.4
xen	eq	3.4.0
xen	eq	4.0.4
xen	eq	4.0.2
xen	eq	3.3.2
xen	eq	4.1.2
xen	eq	3.2.2
xen	eq	3.4.4

Rows per page:

1-10 of 291

References

lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html

lists.opensuse.org/opensuse-updates/2013-06/msg00049.html

lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html

osvdb.org/92050

secunia.com/advisories/52857

secunia.com/advisories/55082

security.gentoo.org/glsa/glsa-201309-24.xml

www.openwall.com/lists/oss-security/2013/04/04/7

www.securityfocus.com/bid/58880

www.securitytracker.com/id/1028388

exchange.xforce.ibmcloud.com/vulnerabilities/83226