The MITRE CVE dictionary describes this issue as:
The ELF parser (libelf) in Xen 4.2.x and earlier allows local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations.
Find out more about CVE-2013-2195 from the MITRE CVE dictionary and NIST NVD.
The risks associated with fixing this issue are greater than its security impact. This issue is not currently planned to be addressed in future xen updates for Red Hat Enterprise Linux 5.
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
Base Score | 6.5 |
---|---|
Base Metrics | AV:A/AC:H/Au:S/C:C/I:C/A:C |
Access Vector | Adjacent Network |
Access Complexity | High |
Authentication | Single |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 5 | xen | Affected |