Vulnerability Details : CVE-2013-4375
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-4375
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-4375
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
2.7
|
LOW | AV:A/AC:L/Au:S/C:N/I:N/A:P |
5.1
|
2.9
|
NIST |
CWE ids for CVE-2013-4375
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4375
-
http://www.openwall.com/lists/oss-security/2013/10/10/14
oss-security - Xen Security Advisory 71 (CVE-2013-4375) - qemu disk backend (qdisk) resource leak
-
http://security.gentoo.org/glsa/glsa-201407-03.xml
Xen: Multiple Vunlerabilities (GLSA 201407-03) — Gentoo security
-
http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html
Page not found - Xen ProjectVendor Advisory
-
http://www.ubuntu.com/usn/USN-2092-1
USN-2092-1: QEMU vulnerabilities | Ubuntu security notices
Products affected by CVE-2013-4375
- cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*