CVE-2013-6457
EPSS 0.14%
Description
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.
How to fix CVE-2013-6457
To remediate CVE-2013-6457, upgrade the affected package to a fixed version below.
- Debian/libvirt—upgrade to 1.2.1-1 or later
Is CVE-2013-6457 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.2.1-1