Vulnerability Description
Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 4.0.0 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://osvdb.org/92984
- http://secunia.com/advisories/53312Vendor Advisory
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://www.debian.org/security/2013/dsa-2666
- http://www.openwall.com/lists/oss-security/2013/05/02/9
- http://www.securityfocus.com/bid/59617
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83968
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://osvdb.org/92984
- http://secunia.com/advisories/53312Vendor Advisory
- http://secunia.com/advisories/55082
FAQ
What is CVE-2013-1952?
CVE-2013-1952 is a vulnerability with a CVSS score of 1.9 (LOW). Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which a...
How severe is CVE-2013-1952?
CVE-2013-1952 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1952?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.