CVE-2013-2072

Name of the Vulnerable Software and Affected Versions Xen versions 4.0.x through 4.2.x

Description A buffer overflow issue exists in the Python bindings for the xc vcpu setaffinity call, allowing local administrators with permissions to configure VCPU affinity to cause a denial of service, resulting in memory corruption and a crash of the xend toolstack. This issue may also potentially allow privilege escalation via a crafted cpumap.

Recommendations For Xen versions 4.0.x through 4.2.x, consider restricting access to the xc vcpu setaffinity call until a patch is available. As a temporary workaround, limit the configuration of VCPU affinity to trusted administrators only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.