Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-4329

The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction.

Published

2013-09-12T18:37:43.303

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.5 (MEDIUM)

CVSSv2 Vector

AV:A/AC:H/Au:S/C:C/I:C/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: HIGH
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

2.5

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System xen xen 4.0.0 Yes
Operating System xen xen 4.0.1 Yes
Operating System xen xen 4.0.2 Yes
Operating System xen xen 4.0.3 Yes
Operating System xen xen 4.0.4 Yes
Operating System xen xen 4.1.0 Yes
Operating System xen xen 4.1.1 Yes
Operating System xen xen 4.1.2 Yes
Operating System xen xen 4.1.3 Yes
Operating System xen xen 4.1.4 Yes
Operating System xen xen 4.1.5 Yes
Operating System xen xen 4.2.0 Yes
Operating System xen xen 4.2.1 Yes
Operating System xen xen 4.2.2 Yes
Operating System xen xen 4.2.3 Yes
References