CVE-2013-1432

Published: 28 August 2013

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.

Priority

Medium

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.3.0-1ubuntu1)
Patches:
Upstream: http://lists.xen.org/archives/html/xen-announce/2013-06/bin0uIuC2YjWL.bin (4.1)
Upstream: http://lists.xen.org/archives/html/xen-announce/2013-06/binHR6AHtI4mk.bin (4.2)
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian
Upstream Ignored
(reached end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
mdeslaur
hypervisor packages are in universe. For
issues in the hypervisor, add appropriate
tags to each section, ex:
Tags_xen: universe-binary
seth-arnold
Incomplete / incorrect fix for CVE-2013-1918
mdeslaur
This is XSA-58
4.1 and 4.2 only

References