CVE-2013-2194 : Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with cer

Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.

Published 2013-08-23 16:55:07

Updated 2014-12-12 02:59:34

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-2194

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 22 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-2194

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-2194

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-2194

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html

[security-announce] SUSE-SU-2014:0470-1: important: Security update for

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2013/06/20/2

oss-security - Re: Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-201309-24.xml

Xen: Multiple vulnerabilities (GLSA 201309-24) — Gentoo security

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2013/06/20/4

oss-security - Xen Security Advisory 55 (CVE-2013-2194,CVE-2013-2195,CVE-2013-2196) - Multiple vulnerabilities in libelf PV kernel handling

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

[security-announce] SUSE-SU-2014:0446-1: important: Security update for

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html

[security-announce] SUSE-SU-2014:0411-1: important: Security update for

CVEs referencing this url
http://www.debian.org/security/2014/dsa-3006

Debian -- Security Information -- DSA-3006-1 xen

CVEs referencing this url
http://support.citrix.com/article/CTX138058

Security vulnerability in Citrix XenServer PV guest kernel loading could result in privilege escalation
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2013-2194

XEN » XEN
Versions up to, including, (<=) 4.2.2
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.2.0
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.2.1
cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-2194

Exploit prediction scoring system (EPSS) score for CVE-2013-2194

CVSS scores for CVE-2013-2194

CWE ids for CVE-2013-2194

References for CVE-2013-2194

Products affected by CVE-2013-2194