Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
xenXen ProjectXSA-46
HistoryApr 18, 2013 - 12:00 p.m.

Several access permission issues with IRQs for unprivileged guests

2013-04-1812:00:00
Xen Project
xenbits.xen.org
34

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

26.0%

JSON

ISSUE DESCRIPTION

Various IRQ related access control operations may not have the intended effect, thus potentially permitting a stub domain to grant its client domain access to an IRQ it doesn’t have access to itself.

IMPACT

Malicious or buggy stub domains kernels can mount a denial of service attack possibly affecting the whole system.

VULNERABLE SYSTEMS

Only Xen systems using stub domains are vulnerable.
Only guests with passed-through IRQs or PCI devices are able to exploit the vulnerability.
It is remotely possible that PV guests with passthrough IRQs or devices may also be able to exploit this vulnerability, although we think this is unlikely.

Related

prion 1
ubuntucve 1
cve 1
debiancve 1
nessus 14
securityvulns 2
openvas 52
osv 1
debian 1
fedora 25
suse 2
gentoo 1
prion
prion
Design/Logic Flaw
2013-05-13 23:55:00
ubuntucve
ubuntucve
CVE-2013-1919
2013-04-18 00:00:00
cve
cve
CVE-2013-1919
2013-05-13 23:55:00
debiancve
debiancve
CVE-2013-1919
2013-05-13 23:55:00
nessus
nessus
Debian DSA-2662-1 : xen - several vulnerabilities
2013-04-19 00:00:00
Fedora 18 : xen-4.2.2-1.fc18 (2013-6641)
2013-05-05 00:00:00
OracleVM 2.2 : xen (OVMSA-2013-0033)
2014-11-26 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2662-1] xen security update
2013-04-22 00:00:00
Xen security vulnerabilities
2013-04-22 00:00:00
openvas
openvas
Debian Security Advisory DSA 2662-1 (xen - several vulnerabilities)
2013-04-18 00:00:00
Debian: Security Advisory (DSA-2662-1)
2013-04-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1075-1)
2021-06-09 00:00:00
osv
osv
xen - several
2013-04-18 00:00:00
debian
debian
[SECURITY] [DSA 2662-1] xen security update
2013-04-18 14:24:00
fedora
fedora
[SECURITY] Fedora 19 Update: xen-4.2.2-3.fc19
2013-05-09 19:01:55
[SECURITY] Fedora 18 Update: xen-4.2.2-1.fc18
2013-05-05 02:25:55
[SECURITY] Fedora 18 Update: xen-4.2.2-3.fc18
2013-05-15 03:34:44
suse
suse
Security update for Xen (important)
2013-06-25 19:04:17
Security update for Xen (important)
2014-03-25 23:04:15
gentoo
gentoo
Xen: Multiple vulnerabilities
2013-09-27 00:00:00

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

26.0%

JSON
Related for XSA-46
prion1ubuntucve1cve1debiancve1nessus14securityvulns2openvas52osv1debian1fedora25suse2gentoo1