CVE-2013-4369

Published: 17 October 2013

The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.

Priority

Low

Status

Package: xen (Launchpad, Ubuntu, Debian)
  Upstream: Needs triage
  Ubuntu 14.04 ESM (Trusty Tahr): Released (4.3.0-1ubuntu2)

Package: xen-3.3 (Launchpad, Ubuntu, Debian)
  Upstream: Ignored (reached end-of-life)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Notes

Author: jdstrand
Note: per upstream, "The only known user of this library is the xl toolstack which does not have a central long running daemon and therefore the impact is limited to crashing the process which is creating the domain, which exists only to service a single domain."

Author: mdeslaur
Note: This is XSA-68
