Vulnerability Description
Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 4.3.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/54962Vendor Advisory
- http://security.gentoo.org/glsa/glsa-201407-03.xml
- http://www.openwall.com/lists/oss-security/2013/09/30/2
- http://www.securityfocus.com/bid/62709
- http://secunia.com/advisories/54962Vendor Advisory
- http://security.gentoo.org/glsa/glsa-201407-03.xml
- http://www.openwall.com/lists/oss-security/2013/09/30/2
- http://www.securityfocus.com/bid/62709
FAQ
What is CVE-2013-4356?
CVE-2013-4356 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid m...
How severe is CVE-2013-4356?
CVE-2013-4356 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4356?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.