Vulnerability CVE-2013-1964

Vulnerability Name:

CVE-2013-1964 (CCN-83644)

Assigned:

2013-04-18

Published:

2013-04-18

Updated:

2017-06-30

Summary:

Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2013-1964

Source: FEDORA
Type: UNKNOWN
FEDORA-2013-6723

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0446

Source: CCN
Type: XSA-50
grant table hypercall acquire/release imbalance

Source: CCN
Type: SA53134
Xen Grant Table Hypercall Handling Vulnerability

Source: CCN
Type: SA53373
Citrix XenServer Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
55082

Source: GENTOO
Type: UNKNOWN
GLSA-201309-24

Source: CCN
Type: CTX137657
Citrix XenServer Multiple Security Updates

Source: DEBIAN
Type: UNKNOWN
DSA-2666

Source: DEBIAN
Type: DSA-2666
xen -- several vulnerabilities

Source: MLIST
Type: UNKNOWN
[oss-security] 20130418 Xen Security Advisory 50 (CVE-2013-1964) - grant table hypercall acquire/release imbalance

Source: BID
Type: UNKNOWN
59293

Source: CCN
Type: BID-59293
Xen CVE-2013-1964 Local Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1028459

Source: CCN
Type: Red Hat Bugzilla Bug 953632
CVE-2013-1964 xen: grant table hypercall acquire/release imbalance

Source: XF
Type: UNKNOWN
xen-cve20131964-dos(83644)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-1964

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:4.0.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.0.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.0.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.0.3:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.0.4:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.3:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.4:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:4.0:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.1:*:*:*:*:*:*:*

AND

cpe:/a:citrix:xenserver:5.5:*:*:*:*:*:*:*

OR cpe:/a:citrix:xenserver:5.0:*:*:*:*:*:*:*

OR cpe:/a:citrix:xenserver:5.6:*:*:*:*:*:*:*

OR cpe:/a:citrix:xenserver:6.0:*:*:*:*:*:*:*

OR cpe:/a:citrix:xenserver:6.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:55530	P	Security update for containerd (Moderate)	2023-04-13
oval:org.opensuse.security:def:20131964	V	CVE-2013-1964	2022-05-20
oval:org.opensuse.security:def:34681	P	Security update for the Linux Kernel (Important)	2022-01-13
oval:org.opensuse.security:def:57199	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:29455	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:34003	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:33028	P	Security update for git (Low)	2021-10-20
oval:org.opensuse.security:def:33029	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:33730	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:33729	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:55245	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:33706	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:33705	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:33959	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:55923	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:33935	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:32949	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:32950	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:32937	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:32939	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:32938	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:33666	P	Security update for apache2-mod_auth_openidc (Important)	2021-06-08
oval:org.opensuse.security:def:33667	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:34452	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:34451	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:29369	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:33896	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:34412	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:34411	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:33633	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:33790	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:33773	P	Security update for perl-XML-Twig (Moderate)	2021-03-01
oval:org.opensuse.security:def:34641	P	Security update for open-iscsi (Important)	2021-03-01
oval:org.opensuse.security:def:33774	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:28940	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:28939	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:28927	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:28928	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:55842	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:28929	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:29368	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:29367	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:29954	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:33617	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:33618	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:26244	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:54973	P	pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29574	P	Security update for Apache2	2020-12-01
oval:org.opensuse.security:def:26233	P	Security update for python-reportlab (Important)	2020-12-01
oval:org.opensuse.security:def:33164	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29750	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26964	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57273	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:26436	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:33403	P	Security update for Salt (Moderate)	2020-12-01
oval:org.opensuse.security:def:29662	P	Security update for CVS	2020-12-01
oval:org.opensuse.security:def:29008	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:33545	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29853	P	Security update for Linux Kernel	2020-12-01
oval:org.opensuse.security:def:27646	P	Security update for libvirt	2020-12-01
oval:org.opensuse.security:def:29169	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:27503	P	libwsman-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29724	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:54400	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29225	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:29910	P	Security update for libapr	2020-12-01
oval:org.opensuse.security:def:27738	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:30399	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:30592	P	Security update for openswan	2020-12-01
oval:org.opensuse.security:def:33179	P	libsamplerate on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55079	P	cpp48 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27840	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:27172	P	libadns1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33259	P	squidGuard on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29575	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27161	P	kdirstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33393	P	Security update for spacewalk	2020-12-01
oval:org.opensuse.security:def:27893	P	Security update for shim	2020-12-01
oval:org.opensuse.security:def:27364	P	PolicyKit-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33404	P	Security update for zeromq (Important)	2020-12-01
oval:org.opensuse.security:def:29663	P	Security update for cvs (Moderate)	2020-12-01
oval:org.opensuse.security:def:29009	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26658	P	MozillaFirefox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55730	P	Security update for ntp (Important)	2020-12-01
oval:org.opensuse.security:def:28575	P	Security update for OpenSSL	2020-12-01
oval:org.opensuse.security:def:54422	P	argyllcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29282	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:29725	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:29226	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:26862	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54800	P	gstreamer-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29520	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:30400	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:26232	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:29597	P	Security update for atftp (Important)	2020-12-01
oval:org.opensuse.security:def:26950	P	libgdiplus0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26308	P	Security update for python modules (Low)	2020-12-01
oval:org.opensuse.security:def:33315	P	openssh-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29623	P	Security update for bsdtar (Moderate)	2020-12-01
oval:org.opensuse.security:def:33488	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:29804	P	Security update for inst-source-utils	2020-12-01
oval:org.opensuse.security:def:27008	P	pango on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26517	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33560	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29680	P	Security update for ecryptfs-utils	2020-12-01
oval:org.opensuse.security:def:29157	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:29139	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29892	P	Security update for Kerberos 5	2020-12-01
oval:org.opensuse.security:def:27681	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:29238	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:27587	P	xorg-x11-libXt-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30362	P	Security update for wireshark	2020-12-01
oval:org.opensuse.security:def:29283	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:33847	P	Security update for okular	2020-12-01
oval:org.opensuse.security:def:33168	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27791	P	Security update for libgadu	2020-12-01
oval:org.opensuse.security:def:33167	P	libnewt0_52 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33163	P	libmysql55client18-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29521	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:30629	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:27160	P	kdenetwork4-filesharing on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33258	P	squid3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27879	P	Security update for rubygem-actionpack-2_3	2020-12-01
oval:org.opensuse.security:def:27236	P	lxc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33316	P	openvpn-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29624	P	Security update for Mono	2020-12-01
oval:org.opensuse.security:def:26574	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55638	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27937	P	Security update for GraphicsMagick (Important)	2020-12-01
oval:org.opensuse.security:def:29158	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:27446	P	libgadu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33561	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29681	P	Security update for ecryptfs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:54399	P	wdiff on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29140	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26809	P	puppet on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55804	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:28610	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:54562	P	libjpeg-turbo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30363	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:29512	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26911	P	gstreamer-0_10-plugins-good on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:25115	P	SUSE-SU-2014:0446-1 -- Security update for Xen	2014-09-08
oval:org.mitre.oval:def:25689	P	SUSE-SU-2013:1075-1 -- Security update for Xen	2014-09-08
oval:org.mitre.oval:def:20046	P	DSA-2666-1 xen - several	2014-06-23
oval:org.opensuse.security:def:79907	P	Security update for Xen	2013-05-31
oval:com.ubuntu.precise:def:20131964000	V	CVE-2013-1964 on Ubuntu 12.04 LTS (precise) - medium.	2013-05-21

BACK