CVE-2013-2072

EPSS 0.36%

xen - security update

Published: 8/28/2013Modified: 4/28/2026

Also known as:DEBIAN-CVE-2013-2072

Description

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.

Affected packages (2)

Debian/xenfrom 0, < 4.2.2-1
Debian/xenfrom 0, < 4.1.4-3+deb7u3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-2072