Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
xenXen ProjectXSA-82
HistoryDec 02, 2013 - 5:13 p.m.

Guest triggerable AMD CPU erratum may cause host hang

2013-12-0217:13:00
Xen Project
xenbits.xen.org
69

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

ISSUE DESCRIPTION

AMD CPU erratum 793 “Specific Combination of Writes to Write Combined Memory Types and Locked Instructions May Cause Core Hang” describes a situation under which a CPU core may hang.

IMPACT

A malicious guest administrator can mount a denial of service attack affecting the whole system.

VULNERABLE SYSTEMS

The vulnerability is applicable only to family 16h model 00h-0fh AMD CPUs.
Such CPUs running Xen versions 3.3 onwards are vulnerable. We have not checked earlier versions of Xen.
HVM guests can always exploit the vulnerability if it is present. PV guests can exploit the vulnerability only if they have been granted access to physical device(s).
Non-AMD CPUs are not vulnerable.

Related

nessus 30
prion 1
debiancve 1
cve 1
ubuntucve 1
openvas 84
fedora 34
debian 3
osv 2
suse 12
redhat 1
centos 1
oraclelinux 3
securityvulns 1
mageia 10
gentoo 1
nessus
nessus
Fedora 19 : xen-4.2.3-11.fc19 (2013-22888)
2013-12-17 00:00:00
Fedora 20 : xen-4.3.1-5.fc20 (2013-22754)
2013-12-14 00:00:00
OracleVM 3.1 : xen (OVMSA-2013-0091)
2014-11-26 00:00:00
prion
prion
Information disclosure
2013-11-29 04:33:00
debiancve
debiancve
CVE-2013-6885
2013-11-29 04:33:00
cve
cve
CVE-2013-6885
2013-11-29 04:33:00
ubuntucve
ubuntucve
CVE-2013-6885
2013-11-29 00:00:00
openvas
openvas
Fedora Update for xen FEDORA-2013-22754
2014-02-03 00:00:00
Fedora Update for xen FEDORA-2013-22754
2014-02-03 00:00:00
Debian Security Advisory DSA 3128-1 (linux - security update)
2015-01-15 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: xen-4.3.1-5.fc20
2013-12-14 02:53:08
[SECURITY] Fedora 20 Update: xen-4.3.1-6.fc20
2013-12-21 02:27:56
[SECURITY] Fedora 20 Update: xen-4.3.1-8.fc20
2014-02-03 02:43:51
debian
debian
[SECURITY] [DSA 3128-1] linux security update
2015-01-15 06:41:29
[SECURITY] [DSA 3128-1] linux security update
2015-01-15 06:41:29
[SECURITY] [DLA 155-1] linux-2.6 security update
2015-02-18 23:22:13
osv
osv
linux - security update
2015-01-15 00:00:00
linux-2.6 - security update
2015-02-18 00:00:00
suse
suse
Security update for Linux kernel (important)
2014-04-16 01:05:16
Security update for Linux Kernel (important)
2014-03-28 02:04:16
Security update for Linux kernel (important)
2014-04-17 02:05:07
redhat
redhat
(RHSA-2014:0285) Important: kernel security, bug fix, and enhancement update
2014-03-12 00:00:00
centos
centos
kernel security update
2014-03-13 10:35:06
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2014-03-13 00:00:00
kernel security, bug fix, and enhancement update
2014-03-12 00:00:00
Unbreakable Enterprise kernel security update
2014-05-19 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2015-01-18 00:00:00
mageia
mageia
Updated kernel-vserver packages fix multiple vulnerabilities
2014-05-24 02:07:12
Updated kernel-vserver packages fix multiple vulnerabilities
2014-05-19 22:40:52
Updated kernel packages fix multiple vulnerabilities
2014-05-19 22:37:48
gentoo
gentoo
Xen: Multiple Vunlerabilities
2014-07-16 00:00:00

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON
Related for XSA-82
nessus30prion1debiancve1cve1ubuntucve1openvas84fedora34debian3osv2suse12redhat1centos1oraclelinux3securityvulns1mageia10gentoo1