CVE-2013-1917

EPSS 0.07%
Published 13.05.2013 23:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Xen ≫ Xen Version3.1.3

Xen ≫ Xen Version3.1.4

Xen ≫ Xen Version3.2.0

Xen ≫ Xen Version3.2.1

Xen ≫ Xen Version3.2.2

Xen ≫ Xen Version3.2.3

Xen ≫ Xen Version3.3.0

Xen ≫ Xen Version3.3.1

Xen ≫ Xen Version3.3.2

Xen ≫ Xen Version3.4.0

Xen ≫ Xen Version3.4.1

Xen ≫ Xen Version3.4.2

Xen ≫ Xen Version3.4.3

Xen ≫ Xen Version3.4.4

Xen ≫ Xen Version4.0.0

Xen ≫ Xen Version4.0.1

Xen ≫ Xen Version4.0.2

Xen ≫ Xen Version4.0.3

Xen ≫ Xen Version4.0.4

Xen ≫ Xen Version4.1.0

Xen ≫ Xen Version4.1.1

Xen ≫ Xen Version4.1.2

Xen ≫ Xen Version4.1.3

Xen ≫ Xen Version4.1.4

Xen ≫ Xen Version4.2.0

Xen ≫ Xen Version4.2.1

Xen ≫ Xen Version4.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.195

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

http://secunia.com/advisories/55082

http://security.gentoo.org/glsa/glsa-201309-24.xml

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html

http://www.debian.org/security/2012/dsa-2662

http://www.openwall.com/lists/oss-security/2013/04/18/8

http://www.securitytracker.com/id/1028455

https://nvd.nist.gov/vuln/detail/CVE-2013-1917

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1917

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1917

EUVD