CVE-2013-4551 — Improper Input Validation in XEN

CWE-20 — Improper Input Validation7 documents6 sources

Severity

5.7MEDIUMNVD

EPSS

0.4%

top 37.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedNov 18

Latest updateMay 17

Description

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."

CVSS vector

AV:A/AC:M/C:N/I:N/A:CExploitability: 5.5 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.4.0-1 (bookworm)

▶Debianxen/xen< 4.4.0-1+3

▶NVDxen/xen6 versions+5

🔴Vulnerability Details

GHSA

GHSA-x975-qcf7-3vh2: Xen 4↗2022-05-17

▶

OSV

CVE-2013-4551: Xen 4↗2013-11-18

▶

📋Vendor Advisories

Red Hat

xen: Host crash due to guest VMX instruction execution↗2013-11-08

▶

Debian

CVE-2013-4551: xen - Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly c...↗2013

▶

💬Community

Bugzilla

CVE-2013-4551 xen: Host crash due to guest VMX instruction execution [fedora-all]↗2013-11-11

▶

Bugzilla

CVE-2013-4551 xen: Host crash due to guest VMX instruction execution↗2013-11-08

▶