CVE-2013-4375

Gentoo Linux Security Advisory 201407-03

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.

El backend PV qdisk en qemu-xen de Xen 4.2.x y 4.3.x anteriores a 4.3.1, y qemu 1.1 y otras versiones, permite a invitados locales HVM causar una denegación de servicio (consumo de referencia de concesión de dominio) a través de vectores no especificados.

Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-06-12 CVE Reserved
2014-01-19 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (4)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2013/10/10/14	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-201407-03.xml	2017-01-07
http://www.ubuntu.com/usn/USN-2092-1	2017-01-07
http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html	2017-01-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qemu Search vendor "Qemu"		Qemu Search vendor "Qemu" for product "Qemu"				1.1 Search vendor "Qemu" for product "Qemu" and version "1.1"		-		Affected
Qemu Search vendor "Qemu"		Qemu Search vendor "Qemu" for product "Qemu"				1.1 Search vendor "Qemu" for product "Qemu" and version "1.1"		rc1		Affected
Qemu Search vendor "Qemu"		Qemu Search vendor "Qemu" for product "Qemu"				1.1 Search vendor "Qemu" for product "Qemu" and version "1.1"		rc2		Affected
Qemu Search vendor "Qemu"		Qemu Search vendor "Qemu" for product "Qemu"				1.1 Search vendor "Qemu" for product "Qemu" and version "1.1"		rc3		Affected
Qemu Search vendor "Qemu"		Qemu Search vendor "Qemu" for product "Qemu"				1.1 Search vendor "Qemu" for product "Qemu" and version "1.1"		rc4		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.2.0 Search vendor "Xen" for product "Xen" and version "4.2.0"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.2.1 Search vendor "Xen" for product "Xen" and version "4.2.1"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.2.2 Search vendor "Xen" for product "Xen" and version "4.2.2"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.2.3 Search vendor "Xen" for product "Xen" and version "4.2.3"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.3.0 Search vendor "Xen" for product "Xen" and version "4.3.0"		-		Affected