Published: 13/05/2013 Updated: 19/04/2014

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Xen 3.1 up to and including 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen 3.1.4
xen xen 3.1.3
xen xen 3.3.0
xen xen 3.4.3
xen xen 4.0.2
xen xen 4.0.1
xen xen 4.1.2
xen xen 4.2.2
xen xen 3.3.1
xen xen 3.3.2
xen xen 4.0.4
xen xen 4.0.3
xen xen 4.2.0
xen xen 4.1.3
xen xen 3.2.3
xen xen 3.2.1
xen xen 3.4.4
xen xen 3.4.1
xen xen 4.0.0
xen xen 4.1.4
xen xen 3.2.2
xen xen 3.2.0
xen xen 3.4.2
xen xen 3.4.0
xen xen 4.2.1
xen xen 4.1.1
xen xen 4.1.0

Xen 31 through 4x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction ...

CWE-20 http://www.openwall.com/lists/oss-security/2013/04/18/8 http://www.securitytracker.com/id/1028455 http://www.debian.org/security/2012/dsa-2662 http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-1917

CVE-2013-1917

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect