Lucene search

PRIOn knowledge basePRION:CVE-2013-1917

HistoryMay 13, 2013 - 11:55 p.m.

Information disclosure

2013-05-1323:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

24.7%

JSON

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.

CPENameOperatorVersion
xeneq3.2.0
xeneq3.2.1
xeneq4.2.2
xeneq3.4.0
xeneq4.0.4
xeneq4.0.2
xeneq3.3.2
xeneq4.1.2
xeneq3.2.2
xeneq3.4.4

Name	Operator	Version
xen	eq	3.2.0
xen	eq	3.2.1
xen	eq	4.2.2
xen	eq	3.4.0
xen	eq	4.0.4
xen	eq	4.0.2
xen	eq	3.3.2
xen	eq	4.1.2
xen	eq	3.2.2
xen	eq	3.4.4

Rows per page:

1-10 of 271

References

lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html

lists.opensuse.org/opensuse-updates/2013-06/msg00049.html

secunia.com/advisories/55082

security.gentoo.org/glsa/glsa-201309-24.xml

www.debian.org/security/2012/dsa-2662

www.openwall.com/lists/oss-security/2013/04/18/8

www.securitytracker.com/id/1028455

lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html

6.7 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

24.7%

JSON

Related for PRION:CVE-2013-1917