{"id":"CVE-2013-4329","details":"The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction.","modified":"2026-01-27T04:12:14.048737Z","published":"2013-09-12T18:37:43Z","withdrawn":"2026-01-27T04:12:14.048737Z","references":[{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-201407-03.xml"},{"type":"ADVISORY","url":"http://www.debian.org/security/2014/dsa-3006"},{"type":"FIX","url":"http://lists.xen.org/archives/html/xen-devel/2013-07/msg00066.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/09/10/4"}],"schema_version":"1.7.3"}