CVE-2013-4356
EPSS 0.09%
Description
Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash).
How to fix CVE-2013-4356
To remediate CVE-2013-4356, upgrade the affected package to a fixed version below.
- Debian/xen—upgrade to 4.4.0-1 or later
Is CVE-2013-4356 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.4.0-1