CVE-2013-4375

NameCVE-2013-4375
DescriptionThe qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)jessie1:2.1+dfsg-12+deb8u6fixed
jessie (security)1:2.1+dfsg-12+deb8u8fixed
stretch1:2.8+dfsg-6+deb9u4fixed
stretch (security)1:2.8+dfsg-6+deb9u5fixed
buster1:2.12+dfsg-3fixed
sid1:3.1+dfsg-1fixed
xen (PTS)jessie4.4.1-9+deb8u10fixed
jessie (security)4.4.4lts4-0+deb8u1fixed
stretch (security), stretch4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10fixed
buster, sid4.11.1~pre.20180911.5acdd26fdc+dfsg-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusource(unstable)1.7.0+dfsg-1low
qemusourcejessie(not affected)
qemusourcesqueeze(not affected)
qemusourcewheezy(not affected)
qemu-kvmsource(unstable)(not affected)
xensource(unstable)4.2low
xensourcesqueeze(not affected)
xensourcewheezy(not affected)
xen-qemu-dm-4.0source(unstable)(not affected)

Notes

[squeeze] - xen <not-affected> (Only affects 4.2 and later)
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
[jessie] - qemu <not-affected> (Xen in Wheezy uses it's internal copy of qemu)
[wheezy] - qemu <not-affected> (Xen in Wheezy uses it's internal copy of qemu)
[squeeze] - qemu <not-affected> (vulnerable from version 1.1 onwards)
- qemu-kvm <not-affected> (This only affects Qemu in combination with Xen)
- xen-qemu-dm-4.0 <not-affected> (Affected code not yet present)
This is only exploitable in combination with Xen.
Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
Xen in Wheezy includes qemu
Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed

Search for package or bug name: Reporting problems