CVE-2013-4375 - The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other ve

CVE-2013-4375

Summary

The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.

References

Vulnerable Configurations

cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*

CVSS

Base:	2.7 (as of 07-01-2017 - 02:59)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:A/AC:L/Au:S/C:N/I:N/A:P

refmap via4

confirm	http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html
gentoo	GLSA-201407-03
mlist	[oss-security] 20131010 Xen Security Advisory 71 (CVE-2013-4375) - qemu disk backend (qdisk) resource leak
ubuntu	USN-2092-1

Last major update

07-01-2017 - 02:59

Published

19-01-2014 - 18:55

Last modified

07-01-2017 - 02:59