CVE-2013-1432

Severity

74%

Complexity

44%

Confidentiality

165%

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.

CVSS 2.0 Base Score 7.4. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: medium. CVSS Vector: (AV:A/AC:M/Au:S/C:C/I:C/A:C).

Overview

Type

Xen

First reported 11 years ago

2013-08-28 21:55:00

Last updated 7 years ago

2017-06-30 01:29:00

Affected Software

Xen 4.2.0

4.2.0

Xen 4.2.1

4.2.1

Xen 4.2.2

4.2.2

Xen 4.1.0

4.1.0

Xen 4.1.1

4.1.1

Xen 4.1.2

4.1.2

Xen 4.1.3

4.1.3

Xen 4.1.4

4.1.4

Xen 4.1.5

4.1.5

References

SUSE-SU-2014:0446

55082

GLSA-201309-24

http://support.citrix.com/article/CTX138134

Patch, Vendor Advisory

DSA-3006

[oss-security] 20130626 Xen Security Advisory 58 (CVE-2013-1432) - Page reference counting error due to XSA-45/CVE-2013-1918 fixes

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.