CVE-2013-6400

Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:59

Type Values Removed Values Added
References () http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125081.html - () http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125081.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125111.html - () http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125111.html -
References () http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html - () http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html -
References () http://lists.xen.org/archives/html/xen-announce/2013-12/msg00002.html - () http://lists.xen.org/archives/html/xen-announce/2013-12/msg00002.html -
References () http://secunia.com/advisories/55932 - Vendor Advisory () http://secunia.com/advisories/55932 - Vendor Advisory
References () http://security.gentoo.org/glsa/glsa-201407-03.xml - () http://security.gentoo.org/glsa/glsa-201407-03.xml -
References () http://www.openwall.com/lists/oss-security/2013/12/10/7 - () http://www.openwall.com/lists/oss-security/2013/12/10/7 -
References () http://www.securitytracker.com/id/1029468 - () http://www.securitytracker.com/id/1029468 -

Information

Published : 2013-12-13 18:55

Updated : 2024-11-21 01:59


NVD link : CVE-2013-6400

Mitre link : CVE-2013-6400

CVE.ORG link : CVE-2013-6400


JSON object : View

Products Affected

xen

  • xen
CWE
CWE-264

Permissions, Privileges, and Access Controls