CVE-2013-2194 CVE-2013-2195 CVE-2013-2196



Multiple vulnerabilities in libelf PV kernel handling

The ELF parser used by the Xen tools to read domains' kernels and construct domains has multiple integer overflows, pointer dereferences based on calculations from unchecked input values, and other problems. This corresponds to the following CVEs:

integer overflow, lack of check (NULL pointer)




A malicious PV domain administrator who can specify their own kernel can escalate their privilege to that of the domain construction tools (i.e., normally, to control of the host).

Additionally, a malicious HVM domain administrator who is able to supply their own firmware (hvmloader) can do likewise; however, we think this would be very unusual, and it is unlikely that such configurations exist in production systems.

privilege escalation, DoS
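
The bug class named above (integer overflow and missing checks on values read from an untrusted kernel image) is closed by validating every offset/size pair before it is used. The following C code is an added example, not Xen's libelf code: the `image` struct and all function names are hypothetical, and the field offsets are the standard ELF64 header and program header layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical view of an untrusted ELF64 image; not Xen's own structure. */
struct image { const uint8_t *buf; uint64_t size; };

/* Unsafe pattern, kept for contrast: off + len can wrap and pass the test. */
static bool range_ok_naive(const struct image *im, uint64_t off, uint64_t len)
{
    return off + len <= im->size;
}

/* Safe form: never computes off + len, and rejects a NULL buffer. */
static bool range_ok(const struct image *im, uint64_t off, uint64_t len)
{
    return im->buf != NULL && off <= im->size && len <= im->size - off;
}

/* Bounds-checked little-endian read of n (<= 8) bytes at off. */
static bool rd(const struct image *im, uint64_t off, unsigned n, uint64_t *v)
{
    if (!range_ok(im, off, n))
        return false;
    *v = 0;
    while (n--)
        *v |= (uint64_t)im->buf[off + n] << (8 * n);
    return true;
}

/* Validate the ELF64 program header table and every segment's file range. */
static bool phdrs_ok(const struct image *im)
{
    uint64_t phoff, entsz, num, p_off, p_filesz;

    /* e_phoff at 0x20, e_phentsize at 0x36, e_phnum at 0x38; Elf64_Phdr is 56 bytes. */
    if (!rd(im, 0x20, 8, &phoff) || !rd(im, 0x36, 2, &entsz) ||
        !rd(im, 0x38, 2, &num) || (num != 0 && entsz < 56))
        return false;
    /* entsz and num are 16-bit, so the product cannot overflow 64 bits. */
    if (!range_ok(im, phoff, entsz * num))
        return false;
    for (uint64_t i = 0; i < num; i++) {
        uint64_t ph = phoff + i * entsz;   /* inside the table checked above */
        if (!rd(im, ph + 0x08, 8, &p_off) ||      /* p_offset */
            !rd(im, ph + 0x20, 8, &p_filesz) ||   /* p_filesz */
            !range_ok(im, p_off, p_filesz))
            return false;
    }
    return true;
}
```

A parser built this way fails closed: any header that is truncated, points outside the image, or relies on wrap-around is rejected before a pointer is derived from it.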