CVE-2013-4329

Publication date 12 September 2013

Last updated 24 July 2024

Ubuntu priority

Description

The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xen	13.10 saucy	Not affected
	13.04 raring	Fixed 4.2.2-0ubuntu0.13.04.2
	12.10 quantal	Fixed 4.1.5-0ubuntu0.12.10.2
	12.04 LTS precise	Fixed 4.1.5-0ubuntu0.12.04.2
	10.04 LTS lucid	Not in release
xen-3.3	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

This is XSA-61 only 4.0 through 4.2, 4.3 isn't vulnerable.

References

MITRE
NVD
Launchpad
Debian

Other references

http://lists.xen.org/archives/html/xen-announce/2013-09/msg00001.html
http://lists.xen.org/archives/html/xen-devel/2013-07/msg00066.html
http://www.openwall.com/lists/oss-security/2013/09/10/4
https://www.cve.org/CVERecord?id=CVE-2013-4329