CVE-2013-0153 — XEN vulnerability

7 documents6 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 69.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedFeb 14

Latest updateMay 5

Description

The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.4-2 (bookworm)

▶Debianxen/xen< 4.1.4-2+3

▶NVDxen/xen8 versions+7

🔴Vulnerability Details

GHSA

GHSA-vpjv-xvjr-pg3c: The AMD IOMMU support in Xen 4↗2022-05-05

▶

OSV

CVE-2013-0153: The AMD IOMMU support in Xen 4↗2013-02-14

▶

📋Vendor Advisories

Red Hat

kernel: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs↗2013-02-05

▶

Debian

CVE-2013-0153: xen - The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using A...↗2013

▶

💬Community

Bugzilla

CVE-2013-0153 kernel: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs↗2013-02-13

▶

Bugzilla

CVE-2013-0153 kernel: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs [fedora-all]↗2013-02-13

▶