Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2013-0151
Last Modified: 10 Oct 2013 11:48:23
Published: 07 Mar 2013 12:04:42
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Access Vector: ADJACENT_NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2013-0151

Summary

The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.

Vulnerable Systems

Operating System

  • Xen 4.2.0
  • Xen 4.2.1


References

CONFIRM - http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=d60d7082289a74e44b3dc8f67df46c3404ca08bf

MLIST - [oss-security] 20130122 Xen Security Advisory 34 (CVE-2013-0151) - nested virtualization on 32-bit exposes host crash

GENTOO - GLSA-201309-24

SECUNIA - 55082


Last Updated: 27 May 2016 10:47:24