CVE-2013-2078 — Improper Input Validation in XEN

CWE-20 — Improper Input Validation7 documents6 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 82.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedAug 14

Latest updateMay 17

Description

Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.2.2-1 (bookworm)

▶Debianxen/xen< 4.2.2-1+3

▶NVDxen/xen12 versions+11

🔴Vulnerability Details

GHSA

GHSA-wh6h-93r6-prr7: Xen 4↗2022-05-17

▶

OSV

CVE-2013-2078: Xen 4↗2013-08-14

▶

📋Vendor Advisories

Red Hat

kernel: xen: Hypervisor crash due to missing exception recovery on XSETBV↗2013-06-03

▶

Debian

CVE-2013-2078: xen - Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a...↗2013

▶

💬Community

Bugzilla

CVE-2013-2078 kernel: xen: Hypervisor crash due to missing exception recovery on XSETBV [fedora-all]↗2013-06-03

▶

Bugzilla

CVE-2013-2078 kernel: xen: Hypervisor crash due to missing exception recovery on XSETBV↗2013-05-17

▶