Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2013-2076
HistoryAug 28, 2013 - 12:00 a.m.

CVE-2013-2076

2013-08-2800:00:00
ubuntu.com
ubuntu.com
15

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:H/Au:S/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

24.9%

JSON

Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only
save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an
exception is pending, which allows one domain to determine portions of the
state of floating point instructions of other domains, which can be
leveraged to obtain sensitive information such as cryptographic keys, a
similar vulnerability to CVE-2006-1056. NOTE: this is the documented
behavior of AMD64 processors, but it is inconsistent with Intel processors
in a security-relevant fashion that was not addressed by the kernels.

Notes

Author Note
seth-arnold Only vulnerable if on specific AMD AMD64 CPUs with xsave hypervisor command line option
mdeslaur This is XSA-52
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchxen< 4.1.2-2ubuntu2.9UNKNOWN
ubuntu12.10noarchxen< 4.1.3-3ubuntu1.6UNKNOWN
ubuntu13.04noarchxen< 4.2.1-0ubuntu3.2UNKNOWN

Related

prion 4
debiancve 3
cve 4
xen 1
nessus 23
securityvulns 7
ubuntucve 3
freebsd 1
openvas 50
freebsd_advisory 1
fedora 19
redhat 3
suse 4
centos 3
mageia 2
vmware 1
osv 3
debian 3
ubuntu 1
gentoo 1
prion
prion
Design/Logic Flaw
2013-08-28 21:55:00
Design/Logic Flaw
2006-04-20 10:02:00
Information disclosure
2016-04-13 16:59:00
debiancve
debiancve
CVE-2013-2076
2013-08-28 21:55:00
CVE-2016-3158
2016-04-13 16:59:00
CVE-2016-3159
2016-04-13 16:59:00
cve
cve
CVE-2013-2076
2013-08-28 21:55:00
CVE-2006-1056
2006-04-20 10:02:00
CVE-2016-3159
2016-04-13 16:59:00
xen
xen
Information leak on XSAVE/XRSTOR capable AMD CPUs
2013-06-03 12:00:00
nessus
nessus
OracleVM 3.2 : xen (OVMSA-2013-0042)
2014-11-26 00:00:00
OracleVM 3.1 : xen (OVMSA-2013-0043)
2014-11-26 00:00:00
Fedora 19 : xen-4.2.2-6.fc19 (2013-9986)
2013-07-12 00:00:00
securityvulns
securityvulns
ChangeLog-2.6.16.9
2006-04-19 00:00:00
VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue
2006-11-14 00:00:00
FreeBSD Security Advisory FreeBSD-SA-06:14.fpu
2006-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2006-1056
2006-04-20 00:00:00
CVE-2016-3159
2016-04-13 00:00:00
CVE-2016-3158
2016-04-13 00:00:00
freebsd
freebsd
FreeBSD -- FPU information disclosure
2006-04-19 00:00:00
openvas
openvas
FreeBSD Security Advisory (FreeBSD-SA-06:14.fpu.asc)
2008-09-04 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-06:14.fpu.asc)
2008-09-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1314-1)
2021-06-09 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:14.fpu
2006-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: xen-4.2.2-6.fc19
2013-06-13 06:50:58
[SECURITY] Fedora 18 Update: xen-4.2.2-6.fc18
2013-06-14 02:28:52
[SECURITY] Fedora 18 Update: xen-4.2.2-9.fc18
2013-07-06 00:52:04
redhat
redhat
(RHSA-2006:0579) kernel security update
2006-07-13 00:00:00
(RHSA-2006:0437) Updated kernel packages for Red Hat Enterprise Linux 3 Update 8
2006-07-20 09:25:51
(RHSA-2006:0575) Updated kernel packages available for Red Hat Enterprise Linux 4 Update 4
2006-08-10 00:00:00
suse
suse
Security update for Xen (important)
2013-08-09 16:04:13
Security update for Xen (important)
2013-06-25 19:04:17
remote denial of service in kernel
2006-05-31 15:47:21
centos
centos
kernel security update
2006-07-17 05:19:27
kernel security update
2006-07-20 16:09:23
kernel security update
2006-08-24 00:20:09
mageia
mageia
Updated xen package fixes security issues
2013-07-01 23:17:22
Updated xen packages fix security vulnerability
2017-01-09 23:29:57
vmware
vmware
Updated Service Console packages (XFree86, UP and SMP kernels, Kerberos libraries) resolve security issues.
2007-07-05 00:00:00
osv
osv
kernel-source-2.4.27 - several vulnerabilities
2006-06-14 00:00:00
xen - security update
2014-08-18 00:00:00
kernel-source-2.6.8 - several vulnerabilities
2006-06-27 00:00:00
debian
debian
[SECURITY] [DSA 1097-1] New Kernel 2.4.27 packages fix several vulnerabilities
2006-06-14 00:00:00
[SECURITY] [DSA 3006-1] xen security update
2014-08-18 12:41:52
[SECURITY] [DSA 1103-1] New Linux kernel 2.6.8 packages fix several vulnerabilities
2006-06-27 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2006-06-15 00:00:00
gentoo
gentoo
Xen: Multiple vulnerabilities
2013-09-27 00:00:00

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:H/Au:S/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

24.9%

JSON
Related for UB:CVE-2013-2076
prion4debiancve3cve4xen1nessus23securityvulns7ubuntucve3freebsd1openvas50freebsd_advisory1fedora19redhat3suse4centos3mageia2vmware1osv3debian3ubuntu1gentoo1