CVE-2013-2211

Name of the Vulnerable Software and Affected Versions Xen versions 4.0.x through 4.2.x

Description The issue concerns the use of weak permissions for xenstore keys in paravirtualised and emulated serial console devices by the libxenlight (libxl) toolstack library. This weakness allows local guest administrators to modify the xenstore value, potentially leading to security issues. The exact vectors through which this modification can occur are not specified.

Recommendations For Xen versions 4.0.x through 4.2.x, consider restricting access to the xenstore keys for paravirtualised and emulated serial console devices to prevent unauthorized modifications by guest administrators. At the moment, there is no information about a newer version that contains a fix for this vulnerability.