Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0154

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2013-0154
Last Modified 19 Apr 2014 12:30:41
Published 11 Jan 2013 11:33:49
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0154

Summary

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.

Vulnerable Systems

Operating System

  • Xen 4.2.0


References

XF - xen-hypercall-dos(80977)

SECTRACK - 1027937

BID - 57159

MLIST - [oss-security] 20130104 Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only)

CONFIRM - http://seclists.org/oss-sec/2013/q1/att-17/xsa37-4_2.patch

OSVDB - 88913

SUSE - openSUSE-SU-2013:0637

SUSE - openSUSE-SU-2013:0636

GENTOO - GLSA-201309-24

SECUNIA - 55082

SUSE - SUSE-SU-2014:0446


Last Updated: 27 May 2016 11:03:12