CVE-2013-2212 — Improper Restriction of Operations within the Bounds of a Memory Buffer in XEN

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

5.7MEDIUMNVD

EPSS

0.2%

top 60.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedAug 28

Latest updateMay 17

Description

The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range.

CVSS vector

AV:A/AC:M/C:N/I:N/A:CExploitability: 5.5 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.3.0-1 (bookworm)

▶Debianxen/xen< 4.3.0-1+3

▶NVDxen/xen23 versions+22

🔴Vulnerability Details

GHSA

GHSA-489v-cqqf-vxgv: The vmx_set_uc_mode function in Xen 3↗2022-05-17

▶

OSV

CVE-2013-2212: The vmx_set_uc_mode function in Xen 3↗2013-08-28

▶

📋Vendor Advisories

Red Hat

kernel: xen: Excessive time to disable caching with HVM guests with PCI passthrough↗2013-07-24

▶

Debian

CVE-2013-2212: xen - The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allo...↗2013

▶

💬Community

Bugzilla

CVE-2013-2212 kernel: xen: Excessive time to disable caching with HVM guests with PCI passthrough [fedora-all]↗2013-07-24

▶

Bugzilla

CVE-2013-2212 kernel: xen: Excessive time to disable caching with HVM guests with PCI passthrough↗2013-07-19

▶