CVE-2013-2194
Severity: medium
CVSS v3: —
CVSS v2: 6.9
VIR risk: 6.9
Description
Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-2194
Vendor advisory: secalert@redhat.com — http://support.citrix.com/article/CTX138058
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 4.3.0-1 |
| debian | bullseye | fixed | 4.3.0-1 |
| debian | forky | fixed | 4.3.0-1 |
| debian | sid | fixed | 4.3.0-1 |
| debian | trixie | fixed | 4.3.0-1 |
References
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://support.citrix.com/article/CTX138058
- http://www.debian.org/security/2014/dsa-3006
- http://www.openwall.com/lists/oss-security/2013/06/20/2
- http://www.openwall.com/lists/oss-security/2013/06/20/4
- https://security-tracker.debian.org/tracker/CVE-2013-2194
CWEs
CWE-189