CVE-2013-2211

Description

The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.

How to fix CVE-2013-2211

To remediate CVE-2013-2211, upgrade the affected package to a fixed version below.

• Debian/xen—upgrade to 4.3.0-1 or later

Is CVE-2013-2211 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.3.0-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-2211