CVE-2013-0215
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
07/03/2013
Last modified:
11/04/2025
Description
oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://openwall.com/lists/oss-security/2013/02/05/10
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://xenbits.xen.org/gitweb/?p=xen.git%3Ba%3Dcommit%3Bh%3D40f9c5e0a6d15b4ca1f6d4ed3a46f0871520eab5
- http://xenbits.xen.org/gitweb/?p=xen.git%3Ba%3Dcommit%3Bh%3D61401264eb00fae4ee4efc8e9a5067449283207b
- http://openwall.com/lists/oss-security/2013/02/05/10
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://xenbits.xen.org/gitweb/?p=xen.git%3Ba%3Dcommit%3Bh%3D40f9c5e0a6d15b4ca1f6d4ed3a46f0871520eab5
- http://xenbits.xen.org/gitweb/?p=xen.git%3Ba%3Dcommit%3Bh%3D61401264eb00fae4ee4efc8e9a5067449283207b