PT-2013-2174 · Linux+2 · Xen+2

Jan Beulich · Published 2013-02-12 · Updated 2024-06-15 · CVE-2013-0231

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Xen for Linux kernel versions 2.6.18 through 3.8

Description: The issue allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. This is due to the pciback_enable_msi function in the PCI backend driver.

Recommendations: For versions 2.6.18 through 3.8, consider disabling the pciback_enable_msi function as a temporary workaround to minimize the risk of exploitation. Restrict access to PCI devices for guest OS users to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2013-0231
DSA-2632-1
MGASA-2013-0203
MGASA-2013-0204
MGASA-2013-0209
MGASA-2013-0210
MGASA-2013-0211
MGASA-2013-0212
MGASA-2013-0213
MGASA-2013-0214
MGASA-2013-0215
OPENSUSE-SU-2013_0395-1
OPENSUSE-SU-2013_0396-1
OPENSUSE-SU-2013_0925-1
OPENSUSE-SU-2024:10128-1
RHSA-2013:0747
RHSA-2013_0747
SUSE-SU-2015:0481-1
SUSE-SU-2015:0652-1
SUSE-SU-2019:14051-1
SUSE-SU-2019_14051-1
USN-1767-1
USN-1768-1
USN-1769-1
USN-1774-1

Affected products

Red Hat
Suse
Xen