CVE-2013-0151 — XEN vulnerability

CWE-2646 documents5 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 68.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedMar 7

Latest updateMay 5

Description

The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.

CVSS vector

AV:A/AC:H/C:N/I:N/A:CExploitability: 3.2 | Impact: 6.9

Affected Packages2 packages

▶NVDxen/xen4.2.0, 4.2.1+1

▶debiandebian/xen

🔴Vulnerability Details

GHSA

GHSA-m64p-frgg-6gxh: The do_hvm_op function in xen/arch/x86/hvm/hvm↗2022-05-05

▶

📋Vendor Advisories

Red Hat

kernel: xen: nested HVM host crash / OOM condition↗2013-01-22

▶

Debian

CVE-2013-0151: xen - The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 plat...↗2013

▶

💬Community

Bugzilla

CVE-2013-0151 CVE-2013-0152: kernel: xen: nested HVM host crash / OOM condition [fedora-all]↗2013-01-22

▶

Bugzilla

CVE-2013-0151 CVE-2013-0152: kernel: xen: nested HVM host crash / OOM condition↗2013-01-08

▶