CVE-2013-2194 CVE-2013-2195 CVE-2013-2196
Multiple vulnerabilities in libelf PV kernel handling
The ELF parser used by the Xen tools to read domains' kernels and construct domains has multiple integer overflows, pointer dereferences based on calculations from unchecked input values, and other problems. This corresponds to the following CVEs:
- CVE-2013-2194 XEN XSA-55 integer overflows
- CVE-2013-2195 XEN XSA-55 pointer dereferences
- CVE-2013-2196 XEN XSA-55 other problems
integer overflow, lack of check (NULL pointer)
A malicious PV domain administrator who can specify their own kernel can escalate their privilege to that of the domain construction tools (i.e., normally, to control of the host).
Additionally a malicious HVM domain administrator who is able to supply their own firmware (hvmloader) can do likewise; however we think this would be very unusual and it is unlikely that such configurations exist in production systems.
privilege escalation, DoS