CVE-2013-0152 - Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memor

CVE-2013-0152

Summary

Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled.

References

http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://www.openwall.com/lists/oss-security/2013/01/23/8
http://www.securitytracker.com/id/1028032

Vulnerable Configurations

cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*

CVSS

Base:	4.7 (as of 11-10-2013 - 03:48)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:N/I:N/A:C

refmap via4

gentoo	GLSA-201309-24
mlist	[oss-security] 20130123 Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest
sectrack	1028032
secunia	55082

Last major update

11-10-2013 - 03:48

Published

13-02-2013 - 01:55

Last modified

11-10-2013 - 03:48