Vulnerability Details : CVE-2013-4494
Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2013-4494
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4494
- Probability of exploitation activity in the next 30 days: 0.06%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~25%
CVSS scores for CVE-2013-4494
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.2 | MEDIUM | AV:A/AC:M/Au:S/C:N/I:N/A:C | 4.4 | 6.9 | NIST | |
CWE ids for CVE-2013-4494
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4494
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
  [security-announce] SUSE-SU-2014:0470-1: important: Security update for
  Mailing List; Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0108.html
  RHSA-2014:0108 - Security Advisory - Red Hat Customer Portal
  Third Party Advisory
- http://www.openwall.com/lists/oss-security/2013/11/01/3
  oss-security - Re: Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks
  Mailing List; Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html
  openSUSE-SU-2013:1876-1: moderate: xen: security and bugfix update
  Mailing List; Third Party Advisory
- http://security.gentoo.org/glsa/glsa-201407-03.xml
  Xen: Multiple Vulnerabilities (GLSA 201407-03) — Gentoo security
  Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
  [security-announce] SUSE-SU-2014:0446-1: important: Security update for
  Mailing List; Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
  [security-announce] SUSE-SU-2014:0411-1: important: Security update for
  Mailing List; Third Party Advisory
- http://www.debian.org/security/2014/dsa-3006
  Debian -- Security Information -- DSA-3006-1 xen
  Third Party Advisory
- http://www.openwall.com/lists/oss-security/2013/11/01/2
  oss-security - Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks
  Mailing List; Third Party Advisory