CVE-2013-2072

Publication date 28 August 2013

Last updated 24 July 2024

Ubuntu priority

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
xen	13.04 raring	Fixed 4.2.1-0ubuntu3.2
	12.10 quantal	Fixed 4.1.3-3ubuntu1.6
	12.04 LTS precise	Fixed 4.1.2-2ubuntu2.9
	10.04 LTS lucid	Not in release
xen-3.3	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

This is XSA-56 4.0 and later

References

MITRE
NVD
Launchpad
Debian

Other references

http://lists.xen.org/archives/html/xen-announce/2013-05/msg00004.html
https://www.cve.org/CVERecord?id=CVE-2013-2072