PT-2013-2174 · Linux+2 · Xen+2

Jan Beulich · Published 2013-02-12 · Updated 2024-06-15 · CVE-2013-0231

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Xen for Linux kernel versions 2.6.18 through 3.8

Description

The issue allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. This is due to the pciback_enable_msi function in the PCI backend driver.

Recommendations

For versions 2.6.18 through 3.8, consider disabling the pciback_enable_msi function as a temporary workaround to minimize the risk of exploitation. Restrict access to PCI devices for guest OS users to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2013-0231
DSA-2632-1
MGASA-2013-0203
MGASA-2013-0204
MGASA-2013-0209
MGASA-2013-0210
MGASA-2013-0211
MGASA-2013-0212
MGASA-2013-0213
MGASA-2013-0214
MGASA-2013-0215
OPENSUSE-SU-2013_0395-1
OPENSUSE-SU-2013_0396-1
OPENSUSE-SU-2013_0925-1
OPENSUSE-SU-2024:10128-1
RHSA-2013:0747
RHSA-2013_0747
SUSE-SU-2015:0481-1
SUSE-SU-2015:0652-1
SUSE-SU-2019:14051-1
SUSE-SU-2019_14051-1
USN-1767-1
USN-1768-1
USN-1769-1
USN-1774-1

Affected Products

Red Hat
Suse
Xen