CVE-2013-0152

Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled.

CVSS v2.0 4.7 MEDIUM

4.7^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 3.4 / Impact : 6.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://www.openwall.com/lists/oss-security/2013/01/23/8
http://www.securitytracker.com/id/1028032
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://www.openwall.com/lists/oss-security/2013/01/23/8
http://www.securitytracker.com/id/1028032

Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:46

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/55082 -~~	() http://secunia.com/advisories/55082 -
References	~~() http://security.gentoo.org/glsa/glsa-201309-24.xml -~~	() http://security.gentoo.org/glsa/glsa-201309-24.xml -
References	~~() http://www.openwall.com/lists/oss-security/2013/01/23/8 -~~	() http://www.openwall.com/lists/oss-security/2013/01/23/8 -
References	~~() http://www.securitytracker.com/id/1028032 -~~	() http://www.securitytracker.com/id/1028032 -

Information

Published : 2013-02-13 01:55

Updated : 2024-11-21 01:46

NVD link : CVE-2013-0152

Mitre link : CVE-2013-0152

CVE.ORG link : CVE-2013-0152

JSON object : View

Products Affected

xen

xen

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2013-0152", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-13T01:55:03.247", "references": [{"url": "http://secunia.com/advisories/55082", "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/01/23/8", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1028032", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/55082", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2013/01/23/8", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1028032", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled."}, {"lang": "es", "value": "Consumo de memoria en Xen v4.2 que permite a los hu\u00e9spedes virtualizados inestable locales que pueden provocar una denegaci\u00f3n de servicio (consumo de memoria de host) mediante la realizaci\u00f3n de virtualizaci\u00f3n anidada de forma que provoca errores que no manejan adecuadamente."}], "lastModified": "2024-11-21T01:46:57.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}