Vulnerability Description
Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 3.0.2 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html
- http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html (Patch, Vendor Advisory)
- http://osvdb.org/92050
- http://secunia.com/advisories/52857 (Vendor Advisory)
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://www.openwall.com/lists/oss-security/2013/04/04/7
- http://www.securityfocus.com/bid/58880
- http://www.securitytracker.com/id/1028388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83226
FAQ
What is CVE-2013-1920?
CVE-2013-1920 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain ...
How severe is CVE-2013-1920?
CVE-2013-1920 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1920?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.