CVE-2013-4494

Publication date 2 November 2013

Last updated 24 July 2024

Ubuntu priority

Description

Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xen	13.10 saucy	Fixed 4.3.0-1ubuntu1.1
	13.04 raring	Fixed 4.2.2-0ubuntu0.13.04.2
	12.10 quantal	Fixed 4.1.5-0ubuntu0.12.10.2
	12.04 LTS precise	Fixed 4.1.5-0ubuntu0.12.04.2
	10.04 LTS lucid	Not in release
xen-3.3	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

This is XSA-73

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.openwall.com/lists/oss-security/2013/11/01/3
http://www.openwall.com/lists/oss-security/2013/11/01/2
http://lists.xen.org/archives/html/xen-announce/2013-11/msg00002.html
https://www.cve.org/CVERecord?id=CVE-2013-4494