Vulnerability Report

CVE-2013-6375

Title: Opensuse Auth Bypass

Auth Bypass

Proof Of Concept

PoC Available for CVE-2013-6375

CWE Category CWE-264
Published Date Nov 23, 2013
Modified Date Apr 29, 2026
Exploit Status Available
Score 7.9 CVSS v2.0
Exploit Probability (EPSS)
0.63%

Vulnerability Summary

CVE-2013-6375: Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."

Impacted Vendors

O
opensuse 1
X
xen 1
S
suse 1
X
xensource_inc 1

Reference Links

http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html http://security.gentoo.org/glsa/glsa-201407-03.xml http://www.openwall.com/lists/oss-security/2013/11/20/3 http://www.openwall.com/lists/oss-security/2013/11/21/1 http://www.securitytracker.com/id/1029369 http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html http://security.gentoo.org/glsa/glsa-201407-03.xml http://www.openwall.com/lists/oss-security/2013/11/20/3 http://www.openwall.com/lists/oss-security/2013/11/21/1 http://www.securitytracker.com/id/1029369
CVSS v2.0
Source Entity [email protected]
Severity HIGH
7.9
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:A/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2013-6375 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/bl4ck5un/cve-2013-6375
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:A/AC:M/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.