CVE-2013-4553
EPSS 0.33%
Description
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).
How to fix CVE-2013-4553
To remediate CVE-2013-4553, upgrade the affected package to a fixed version below.
- Debian/xen—upgrade to 4.4.0-1 or later
Is CVE-2013-4553 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.4.0-1