Published: 24/12/2013 Updated: 07/01/2017

CVSS v2 Base Score: 5.2 | Impact Score: 6.9 | Exploitability Score: 4.4

VMScore: 463

Vector: AV:A/AC:M/Au:S/C:N/I:N/A:C

The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x up to and including 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen 4.3.1
xen xen 4.2.0
xen xen 4.1.4
xen xen 4.1.5
xen xen 3.4.0
xen xen 3.4.1
xen xen 4.2.1
xen xen 4.2.2
xen xen 4.1.6.1
xen xen 4.0.0
xen xen 3.4.2
xen xen 3.4.3
xen xen 4.2.3
xen xen 4.1.0
xen xen 4.1.1
xen xen 4.0.1
xen xen 4.0.2
xen xen 3.4.4
xen xen 4.3.0
xen xen 4.1.2
xen xen 4.1.3
xen xen 4.0.3
xen xen 4.0.4

Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service For the stable distribution (wheezy), these problems have been fixed in version 414-3+deb7u2 For the unstable distribution (sid), these problems will be fixed soon We recommend that you upgrade your xen pa ...

The XEN_DOMCTL_getmemlist hypercall in Xen 34x through 43x (possibly 431) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock) ...

CWE-119 http://www.openwall.com/lists/oss-security/2013/11/26/8 http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html http://www.debian.org/security/2014/dsa-3006 http://security.gentoo.org/glsa/glsa-201407-03.xml https://nvd.nist.gov https://www.debian.org/security/./dsa-3006 https://access.redhat.com/security/cve/cve-2013-4553

CVE-2013-4553

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect