CVE-2013-2072

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.

Published: Aug 28, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-2072
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.4
AV:A/AC:M/Au:S/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
xen / xen	4.1.5	4.1.5.x
xen / xen	4.1.2	4.1.2.x
xen / xen	4.1.1	4.1.1.x
xen / xen	4.1.0	4.1.0.x
xen / xen	4.1.3	4.1.3.x
xen / xen	4.1.4	4.1.4.x
xen / xen	4.2.2	4.2.2.x
xen / xen	4.2.0	4.2.0.x
xen / xen	4.2.1	4.2.1.x
debian / debian_linux	7.0	7.0.x
xen / xen	4.0.4	4.0.4.x
xen / xen	4.0.2	4.0.2.x
xen / xen	4.0.0	4.0.0.x
xen / xen	4.0.1	4.0.1.x
xen / xen	4.0.3	4.0.3.x

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106718.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106721.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106778.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
http://www.debian.org/security/2014/dsa-3041
http://www.openwall.com/lists/oss-security/2013/05/17/2
http://www.securityfocus.com/bid/59982

Vulnerability Database

289,697

CVE-2013-2072