Resource Management Errors Affecting xen package, versions <4.2.2-0ubuntu0.13.04.2


Severity

Recommended
low

Based on Ubuntu security rating.

Threat Intelligence

EPSS
0.04% (5th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU1304-XEN-366827
  • published17 Oct 2013
  • disclosed17 Oct 2013

Introduced: 17 Oct 2013

CVE-2013-4371  (opens in a new tab)
CWE-399  (opens in a new tab)

How to fix?

Upgrade Ubuntu:13.04 xen to version 4.2.2-0ubuntu0.13.04.2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream xen package and not the xen package as distributed by Ubuntu. See How to fix? for Ubuntu:13.04 relevant fixed versions and status.

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors.

CVSS Scores

version 3.1