5.2 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
26.5%
Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and
grant_table.lock in the same order, which allows local guest administrators
with access to multiple vcpus to cause a denial of service (host deadlock)
via unspecified vectors.
Author | Note |
---|---|
mdeslaur | This is XSA-73 |
lists.xen.org/archives/html/xen-announce/2013-11/msg00002.html
www.openwall.com/lists/oss-security/2013/11/01/2
www.openwall.com/lists/oss-security/2013/11/01/3
launchpad.net/bugs/cve/CVE-2013-4494
nvd.nist.gov/vuln/detail/CVE-2013-4494
security-tracker.debian.org/tracker/CVE-2013-4494
www.cve.org/CVERecord?id=CVE-2013-4494