{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106152?format=json","vulnerability_id":"VCID-fe56-4226-77ev","summary":"Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running \"under memory pressure\" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors.","aliases":[{"alias":"CVE-2013-1920"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135915?format=json","purl":"pkg:deb/debian/xen@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135902?format=json","purl":"pkg:deb/debian/xen@4.14.6-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27xc-hy1s-n7bf"},{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-2wu6-2tup-2ub2"},{"vulnerability":"VCID-339r-nmjn-gfa2"},{"vulnerability":"VCID-3nb3-3wud-jfhv"},{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-6uvb-67h4-1fgy"},{"vulnerability":"VCID-7yrz-z3a2-vkgg"},{"vulnerability":"VCID-8gj8-dga7-gkht"},{"vulnerability":"VCID-8r4d-1tcs-13gd"},{"vulnerability":"VCID-9g21-rc3r-5uer"},{"vulnerability":"VCID-c58r-gesb-f7hq"},{"vulnerability":"VCID-cgzn-pdre-1bec"},{"vulnerability":"VCID-cvj7-478z-x3b1"},{"vulnerability":"VCID-dke6-vwb6-fuf4"},{"vulnerability":"VCID-dwq4-9tk2-8yfp"},{"vulnerability":"VCID-f7v4-85sw-1keq"},{"vulnerability":"VCID-fwx8-9f5e-v7hw"},{"vulnerability":"VCID-jcpf-68kx-67fr"},{"vulnerability":"VCID-jm1q-fxpu-qbg3"},{"vulnerability":"VCID-k3xq-ruut-3yhw"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"},{"vulnerability":"VCID-k6gh-hx5m-wba2"},{"vulnerability":"VCID-kcwp-bu7h-6kds"},{"vulnerability":"VCID-kpyj-6qpe-pbep"},{"vulnerability":"VCID-ma7k-xrxw-vubd"},{"vulnerability":"VCID-ma9d-b2uy-jkft"},{"vulnerability":"VCID-mvnt-qc9z-jygu"},{"vulnerability":"VCID-navq-t6wp-xqaf"},{"vulnerability":"VCID-rm4s-2uwv-tkac"},{"vulnerability":"VCID-rw5e-3s13-hycn"},{"vulnerability":"VCID-su6k-nv2m-yqac"},{"vulnerability":"VCID-swjx-x5hb-n3c2"},{"vulnerability":"VCID-sx9z-gbkd-8fgv"},{"vulnerability":"VCID-t5nz-98gp-7fa1"},{"vulnerability":"VCID-t63z-5wwn-1bh9"},{"vulnerability":"VCID-t9tt-yd4b-r3cy"},{"vulnerability":"VCID-u4yc-hhne-2kaz"},{"vulnerability":"VCID-vj8v-zms6-gug9"},{"vulnerability":"VCID-vkt6-fjzc-4uay"},{"vulnerability":"VCID-w8sx-m2vx-1ucv"},{"vulnerability":"VCID-wuca-6w96-kfdp"},{"vulnerability":"VCID-x9md-fcrv-y7d8"},{"vulnerability":"VCID-xa2b-k4ye-e7d3"},{"vulnerability":"VCID-yqrw-w2g9-2kf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.14.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/190836?format=json","purl":"pkg:ebuild/app-emulation/xen@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/190837?format=json","purl":"pkg:ebuild/app-emulation/xen-tools@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-tools@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190838?format=json","purl":"pkg:ebuild/app-emulation/xen-tools@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-tools@4.2.2-r3"}],"affected_packages":[],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1920.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1920.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1920","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19961","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20037","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20031","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19993","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1920"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=950097","reference_id":"950097","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=950097"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-47.html","reference_id":"XSA-47","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-47.html"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fe56-4226-77ev"}