CVSS2: 5.2 Medium
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:A/AC:M/Au:S/C:N/I:N/A:C
EPSS: 0.002 Low
EPSS Percentile: 64.2%
The Xen netback implementation contains a couple of flaws which can allow a guest to cause a DoS in the backend domain, potentially affecting other domains in the system.
CVE-2013-0216 is a failure to sanity-check the ring producer/consumer pointers, which can allow a guest to cause netback to loop for an extended period, preventing other work from occurring.
CVE-2013-0217 is a guest-triggerable memory leak on an error path.
A malicious guest can mount a DoS affecting the entire system.
All systems running guests with access to PV network devices are vulnerable.
CVE-2013-0216 affects both mainline (“pvops”) and classic-Xen patch kernels.
CVE-2013-0217 affects only mainline (“pvops”) kernels.
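
The kind of check whose absence CVE-2013-0216 describes, as an added example (not netback's code and not part of the advisory): a backend that bounds the gap between the guest-written producer index and its own consumer index before it starts looping. The struct names, the `RING_SIZE` value and the `poll_once` helper are assumptions for illustration, and the ring is modelled with free-running 32-bit indices.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_SIZE 256u                 /* slots, power of two (assumed value) */

struct shared_ring {                   /* memory shared with the guest */
    volatile uint32_t req_prod;        /* free-running index, guest-written */
    uint32_t id[RING_SIZE];            /* stand-in for request payloads */
};

struct backend {
    struct shared_ring *ring;
    uint32_t req_cons;                 /* backend-private consumer index */
    int fatal;                         /* set once the frontend is rejected */
};

/* Returns the number of requests consumed, or -1 for bogus ring indices. */
int backend_poll(struct backend *be, uint32_t budget)
{
    if (be->fatal)
        return -1;
    uint32_t prod = be->ring->req_prod;     /* read the guest value once */
    uint32_t pending = prod - be->req_cons; /* correct across 2^32 wrap */
    /* The ring cannot hold more than RING_SIZE requests. Without this
     * check the loop below could be driven for up to 2^32 - 1 turns. */
    if (pending > RING_SIZE) {
        be->fatal = 1;                      /* stop servicing this frontend */
        return -1;
    }
    uint32_t done = 0;
    for (; be->req_cons != prod && done < budget; be->req_cons++, done++)
        (void)be->ring->id[be->req_cons & (RING_SIZE - 1)]; /* "handle" slot */
    return (int)done;
}

/* Constructed scenario: backend at index cons, guest publishes prod. */
int poll_once(uint32_t cons, uint32_t prod, uint32_t budget)
{
    static struct shared_ring ring;
    struct backend be = { &ring, cons, 0 };
    ring.req_prod = prod;
    return backend_poll(&be, budget);
}

int main(void)
{
    printf("%d %d\n", poll_once(0xFFFFFFFEu, 1, 64), poll_once(0, 0x80000000u, 64));
    return 0;
}
```

The second call in `main` models a guest publishing a producer index far beyond what the ring can hold; the first shows that a legitimate index wraparound still passes the check.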