CVE-2013-2211

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2013-2211

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-2211.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2013-2211

Related

DSA-3006-1

Published

2013-08-28T21:55:08Z

Modified

2024-09-18T01:00:20Z

Summary

[none]

Details

The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.

References

Affected packages

Debian:11 / xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}