CVE-2013-2196
medium
CVSS v3: —
CVSS v2: 6.9
VIR risk: 6.9
Description
Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-2196
Vendor advisory: secalert@redhat.com — http://support.citrix.com/article/CTX138058
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 4.3.0-1 |
| debian | bullseye | fixed | 4.3.0-1 |
| debian | forky | fixed | 4.3.0-1 |
| debian | sid | fixed | 4.3.0-1 |
| debian | trixie | fixed | 4.3.0-1 |
References
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://support.citrix.com/article/CTX138058
- http://www.debian.org/security/2014/dsa-3006
- http://www.openwall.com/lists/oss-security/2013/06/20/2
- http://www.openwall.com/lists/oss-security/2013/06/20/4
- https://security-tracker.debian.org/tracker/CVE-2013-2196