CVE-2013-0151

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0151 at MITRE

Description

The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.

NVD CVSS v2 Base Score: 4.6 (AV:A/AC:H/Au:N/C:N/I:N/A:C)

SUSE information

SUSE Bugzilla entry: 797285

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • xen >= 4.2.2_06-1.16.1
  • xen-debugsource >= 4.2.2_06-1.16.1
  • xen-devel >= 4.2.2_06-1.16.1
  • xen-doc-html >= 4.2.2_06-1.16.1
  • xen-doc-pdf >= 4.2.2_06-1.16.1
  • xen-kmp-default >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-kmp-default-debuginfo >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-kmp-desktop >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-kmp-desktop-debuginfo >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-kmp-pae >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-kmp-pae-debuginfo >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-libs >= 4.2.2_06-1.16.1
  • xen-libs-32bit >= 4.2.2_06-1.16.1
  • xen-libs-debuginfo >= 4.2.2_06-1.16.1
  • xen-libs-debuginfo-32bit >= 4.2.2_06-1.16.1
  • xen-tools >= 4.2.2_06-1.16.1
  • xen-tools-debuginfo >= 4.2.2_06-1.16.1
  • xen-tools-domU >= 4.2.2_06-1.16.1
  • xen-tools-domU-debuginfo >= 4.2.2_06-1.16.1
Patchnames:
openSUSE-2013-677