CVE-2013-1432

Publication date 28 August 2013

Last updated 24 July 2024

Ubuntu priority

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
xen	13.10 saucy	Not affected
	13.04 raring	Fixed 4.2.2-0ubuntu0.13.04.3
	12.10 quantal	Fixed 4.1.5-0ubuntu0.12.10.2
	12.04 LTS precise	Fixed 4.1.5-0ubuntu0.12.04.2
	10.04 LTS lucid	Not in release
xen-3.3	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Ignored end of life

Notes

mdeslaur

hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary

seth-arnold

Incomplete / incorrect fix for CVE-2013-1918

mdeslaur

This is XSA-58 4.1 and 4.2 only

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
xen	Upstream: http://lists.xen.org/archives/html/xen-announce/2013-06/bin0uIuC2YjWL.bin Upstream: http://lists.xen.org/archives/html/xen-announce/2013-06/binHR6AHtI4mk.bin

CVE-2013-1432

Status

Notes

mdeslaur

seth-arnold

mdeslaur

Patch details

References

Other references