PT-2013-3470 · Xen

Published: 2013-04-12 · Updated: 2017-08-29 · CVE-2013-1920

CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Xen versions 4.2.x, 4.1.x, and earlier

Description

The issue occurs when the hypervisor is under memory pressure and the Xen Security Module (XSM) is enabled. It involves the wrong ordering of operations when extending the per-domain event channel tracking table, leading to a use-after-free condition. This allows local guest kernels to inject arbitrary events and gain privileges.

Recommendations

For Xen versions 4.2.x, 4.1.x, and earlier, consider disabling the Xen Security Module (XSM) as a temporary workaround until a patch is available. Restrict access to the event channel tracking table to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

CVE-2013-1920

Affected Products

Suse
Xen