CVE-2013-1920

Severity

44%

Complexity

34%

Confidentiality

106%

Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors.

Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors.

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Xen

First reported 11 years ago

2013-04-12 22:55:00

Last updated 7 years ago

2017-08-29 01:33:00

Affected Software

Xen Xen 3.0.2

3.0.2

Xen Xen 3.0.3

3.0.3

Xen Xen 3.0.4

3.0.4

Xen Xen 3.1.

3.1.3

Xen Xen 3.1.4

3.1.4

Xen Xen 3.2.0

3.2.0

Xen Xen 3.2.1

3.2.1

Xen Xen 3.2.2

3.2.2

Xen Xen 3.2.3

3.2.3

Xen 3.3.0

3.3.0

Xen 3.3.1

3.3.1

Xen 3.3.2

3.3.2

Xen 3.4.0

3.4.0

Xen 3.4.1

3.4.1

Xen 3.4.2

3.4.2

Xen 3.4.3

3.4.3

Xen 3.4.4

3.4.4

Xen 4.0.0

4.0.0

Xen 4.0.1

4.0.1

Xen 4.0.2

4.0.2

Xen 4.0.3

4.0.3

Xen 4.0.4

4.0.4

Xen 4.1.0

4.1.0

Xen 4.1.1

4.1.1

Xen 4.1.2

4.1.2

Xen 4.1.3

4.1.3

Xen 4.1.4

4.1.4

Xen 4.2.0

4.2.0

Xen 4.2.1

4.2.1

References

SUSE-SU-2014:0411

SUSE-SU-2014:0446

SUSE-SU-2014:0470

openSUSE-SU-2013:0912

[Xen-announce] 20130404 Xen Security Advisory 47 (CVE-2013-1920) - Potential use of freed memory in event channel operations

Patch, Vendor Advisory

92050

52857

Vendor Advisory

55082

GLSA-201309-24

[oss-security] 20130404 Xen Security Advisory 47 (CVE-2013-1920) - Potential use of freed memory in event channel operations

58880

1028388

xen-cve20131920-code-exec(83226)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.