CVE-2013-1917

Upstream information

CVE-2013-1917 at MITRE

Description

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.

SUSE information

CVSS v2 Scores
	National Vulnerability Database
Base Score	1.85
Vector	AV:L/AC:M/Au:N/C:N/I:N/A:P
Access Vector	Local
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entries: 813673 [RESOLVED / FIXED], 840592 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SU-2013:1075-1, published Tue, 25 Jun 2013 19:04:17 +0200 (CEST)
SUSE-SU-2014:0411-1, published Thu, 20 Mar 2014 13:04:14 +0100 (CET)
SUSE-SU-2014:0446-1, published Tue, 25 Mar 2014 23:04:15 +0100 (CET)
SUSE-SU-2014:0470-1, published Tue, 1 Apr 2014 20:04:15 +0200 (CEST)
openSUSE-SU-2013:0912-1, published Mon, 10 Jun 2013 17:17:25 +0200 (CEST)
openSUSE-SU-2013:1392-1, published Fri, 30 Aug 2013 16:04:11 +0200 (CEST)
openSUSE-SU-2013:1404-1, published Wed, 4 Sep 2013 15:04:10 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 11 SP2	`xen >= 4.1.5_02-0.5.1` `xen-doc-html >= 4.1.5_02-0.5.1` `xen-doc-pdf >= 4.1.5_02-0.5.1` `xen-kmp-default >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-pae >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-trace >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-libs >= 4.1.5_02-0.5.1` `xen-libs-32bit >= 4.1.5_02-0.5.1` `xen-tools >= 4.1.5_02-0.5.1` `xen-tools-domU >= 4.1.5_02-0.5.1`	Patchnames: sledsp2-xen-201305
SUSE Linux Enterprise Desktop 12	`xen >= 4.4.1_06-2.2` `xen-kmp-default >= 4.4.1_06_k3.12.28_4-2.2` `xen-libs >= 4.4.1_06-2.2` `xen-libs-32bit >= 4.4.1_06-2.2`	Patchnames: SUSE Linux Enterprise Desktop 12 GA xen
SUSE Linux Enterprise Desktop 12 SP1	`xen >= 4.5.1_12-2.3` `xen-kmp-default >= 4.5.1_12_k3.12.49_11-2.3` `xen-libs >= 4.5.1_12-2.3` `xen-libs-32bit >= 4.5.1_12-2.3`	Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA xen
SUSE Linux Enterprise Desktop 12 SP2	`xen >= 4.7.0_12-23.4` `xen-libs >= 4.7.0_12-23.4` `xen-libs-32bit >= 4.7.0_12-23.4`	Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA xen
SUSE Linux Enterprise Server 11 SP1-LTSS	`xen >= 4.0.3_21548_16-0.5.1` `xen-doc-html >= 4.0.3_21548_16-0.5.1` `xen-doc-pdf >= 4.0.3_21548_16-0.5.1` `xen-kmp-default >= 4.0.3_21548_16_2.6.32.59_0.9-0.5.1` `xen-kmp-pae >= 4.0.3_21548_16_2.6.32.59_0.9-0.5.1` `xen-kmp-trace >= 4.0.3_21548_16_2.6.32.59_0.9-0.5.1` `xen-libs >= 4.0.3_21548_16-0.5.1` `xen-tools >= 4.0.3_21548_16-0.5.1` `xen-tools-domU >= 4.0.3_21548_16-0.5.1`	Patchnames: slessp1-xen-201402
SUSE Linux Enterprise Server 11 SP2	`xen >= 4.1.5_02-0.5.1` `xen-doc-html >= 4.1.5_02-0.5.1` `xen-doc-pdf >= 4.1.5_02-0.5.1` `xen-kmp-default >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-pae >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-trace >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-libs >= 4.1.5_02-0.5.1` `xen-libs-32bit >= 4.1.5_02-0.5.1` `xen-tools >= 4.1.5_02-0.5.1` `xen-tools-domU >= 4.1.5_02-0.5.1`	Patchnames: slessp2-xen-201305
SUSE Linux Enterprise Server 11 SP3	`xen >= 4.2.2_04-0.7.5` `xen-doc-html >= 4.2.2_04-0.7.5` `xen-doc-pdf >= 4.2.2_04-0.7.5` `xen-kmp-default >= 4.2.2_04_3.0.76_0.11-0.7.5` `xen-kmp-pae >= 4.2.2_04_3.0.76_0.11-0.7.5` `xen-libs >= 4.2.2_04-0.7.5` `xen-libs-32bit >= 4.2.2_04-0.7.5` `xen-tools >= 4.2.2_04-0.7.5` `xen-tools-domU >= 4.2.2_04-0.7.5`	Patchnames: SUSE Linux Enterprise Server 11 SP3 GA xen
SUSE Linux Enterprise Server 11 SP4	`xen >= 4.4.2_08-1.7` `xen-doc-html >= 4.4.2_08-1.7` `xen-kmp-default >= 4.4.2_08_3.0.101_63-1.7` `xen-kmp-pae >= 4.4.2_08_3.0.101_63-1.7` `xen-libs >= 4.4.2_08-1.7` `xen-libs-32bit >= 4.4.2_08-1.7` `xen-tools >= 4.4.2_08-1.7` `xen-tools-domU >= 4.4.2_08-1.7`	Patchnames: SUSE Linux Enterprise Server 11 SP4 GA xen
SUSE Linux Enterprise Server 12	`xen >= 4.4.1_06-2.2` `xen-doc-html >= 4.4.1_06-2.2` `xen-kmp-default >= 4.4.1_06_k3.12.28_4-2.2` `xen-libs >= 4.4.1_06-2.2` `xen-libs-32bit >= 4.4.1_06-2.2` `xen-tools >= 4.4.1_06-2.2` `xen-tools-domU >= 4.4.1_06-2.2`	Patchnames: SUSE Linux Enterprise Server 12 GA xen
SUSE Linux Enterprise Server 12 SP1	`xen >= 4.5.1_12-2.3` `xen-doc-html >= 4.5.1_12-2.3` `xen-kmp-default >= 4.5.1_12_k3.12.49_11-2.3` `xen-libs >= 4.5.1_12-2.3` `xen-libs-32bit >= 4.5.1_12-2.3` `xen-tools >= 4.5.1_12-2.3` `xen-tools-domU >= 4.5.1_12-2.3`	Patchnames: SUSE Linux Enterprise Server 12 SP1 GA xen
SUSE Linux Enterprise Server 12 SP2	`xen >= 4.7.0_12-23.4` `xen-doc-html >= 4.7.0_12-23.4` `xen-libs >= 4.7.0_12-23.4` `xen-libs-32bit >= 4.7.0_12-23.4` `xen-tools >= 4.7.0_12-23.4` `xen-tools-domU >= 4.7.0_12-23.4`	Patchnames: SUSE Linux Enterprise Server 12 SP2 GA xen
SUSE Linux Enterprise Server for VMWare 11 SP2	`xen >= 4.1.5_02-0.5.1` `xen-doc-html >= 4.1.5_02-0.5.1` `xen-doc-pdf >= 4.1.5_02-0.5.1` `xen-kmp-default >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-pae >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-trace >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-libs >= 4.1.5_02-0.5.1` `xen-libs-32bit >= 4.1.5_02-0.5.1` `xen-tools >= 4.1.5_02-0.5.1` `xen-tools-domU >= 4.1.5_02-0.5.1`	Patchnames: slessp2-xen-201305
SUSE Linux Enterprise Software Development Kit 11 SP2	`xen-devel >= 4.1.5_02-0.5.1`	Patchnames: sdksp2-xen-201305
SUSE Linux Enterprise Software Development Kit 11 SP4	`xen-devel >= 4.4.2_08-1.7`	Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA xen-devel
SUSE Linux Enterprise Software Development Kit 12	`xen-devel >= 4.4.1_06-2.2`	Patchnames: SUSE Linux Enterprise Software Development Kit 12 GA xen-devel
SUSE Linux Enterprise Software Development Kit 12 SP1	`xen-devel >= 4.5.1_12-2.3`	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA xen-devel
SUSE Linux Enterprise Software Development Kit 12 SP2	`xen-devel >= 4.7.0_12-23.4`	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA xen-devel
SUSE Linux Enterprise Software Development Kit 11 SP2	`xen-devel >= 4.1.5_02-0.5.1`	Builds SAT Patch Nr: 7798
SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2	`xen-kmp-default >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-pae >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-trace >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-libs >= 4.1.5_02-0.5.1` `xen-tools-domU >= 4.1.5_02-0.5.1`	Builds SAT Patch Nr: 7798
SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2	`xen >= 4.1.5_02-0.5.1` `xen-doc-html >= 4.1.5_02-0.5.1` `xen-doc-pdf >= 4.1.5_02-0.5.1` `xen-kmp-default >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-trace >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-libs >= 4.1.5_02-0.5.1` `xen-libs-32bit >= 4.1.5_02-0.5.1` `xen-tools >= 4.1.5_02-0.5.1` `xen-tools-domU >= 4.1.5_02-0.5.1`	Builds SAT Patch Nr: 7798
SUSE Linux Enterprise Server 11 SP2 for VMware	`xen-kmp-trace >= 4.1.5_02_3.0.74_0.6.10-0.5.1`	Builds SAT Patch Nr: 7798
SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2	`vm-install >= 0.5.16-0.5.1`	SAT Patch Nr: 7795
SUSE Linux Enterprise Server 10 SP4 LTSS for x86	`xen >= 3.2.3_17040_46-0.7.1` `xen-devel >= 3.2.3_17040_46-0.7.1` `xen-doc-html >= 3.2.3_17040_46-0.7.1` `xen-doc-pdf >= 3.2.3_17040_46-0.7.1` `xen-doc-ps >= 3.2.3_17040_46-0.7.1` `xen-kmp-bigsmp >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-kmp-debug >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-kmp-default >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-kmp-kdump >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-kmp-kdumppae >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-kmp-smp >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-kmp-vmi >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-kmp-vmipae >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-libs >= 3.2.3_17040_46-0.7.1` `xen-tools >= 3.2.3_17040_46-0.7.1` `xen-tools-domU >= 3.2.3_17040_46-0.7.1` `xen-tools-ioemu >= 3.2.3_17040_46-0.7.1`	Builds ZYPP Patch Nr: 8791
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T	`xen >= 3.2.3_17040_46-0.7.1` `xen-devel >= 3.2.3_17040_46-0.7.1` `xen-doc-html >= 3.2.3_17040_46-0.7.1` `xen-doc-pdf >= 3.2.3_17040_46-0.7.1` `xen-doc-ps >= 3.2.3_17040_46-0.7.1` `xen-kmp-debug >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-kmp-default >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-kmp-kdump >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-kmp-smp >= 3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1` `xen-libs >= 3.2.3_17040_46-0.7.1` `xen-libs-32bit >= 3.2.3_17040_46-0.7.1` `xen-tools >= 3.2.3_17040_46-0.7.1` `xen-tools-domU >= 3.2.3_17040_46-0.7.1` `xen-tools-ioemu >= 3.2.3_17040_46-0.7.1`	Builds ZYPP Patch Nr: 8791
SUSE Linux Enterprise Server 10 SP3 LTSS for x86	`xen >= 3.2.3_17040_28-0.6.21.3` `xen-devel >= 3.2.3_17040_28-0.6.21.3` `xen-doc-html >= 3.2.3_17040_28-0.6.21.3` `xen-doc-pdf >= 3.2.3_17040_28-0.6.21.3` `xen-doc-ps >= 3.2.3_17040_28-0.6.21.3` `xen-kmp-bigsmp >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-kmp-debug >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-kmp-default >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-kmp-kdump >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-kmp-kdumppae >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-kmp-smp >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-kmp-vmi >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-kmp-vmipae >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-libs >= 3.2.3_17040_28-0.6.21.3` `xen-tools >= 3.2.3_17040_28-0.6.21.3` `xen-tools-domU >= 3.2.3_17040_28-0.6.21.3` `xen-tools-ioemu >= 3.2.3_17040_28-0.6.21.3`	Builds ZYPP Patch Nr: 8808
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T	`xen >= 3.2.3_17040_28-0.6.21.3` `xen-devel >= 3.2.3_17040_28-0.6.21.3` `xen-doc-html >= 3.2.3_17040_28-0.6.21.3` `xen-doc-pdf >= 3.2.3_17040_28-0.6.21.3` `xen-doc-ps >= 3.2.3_17040_28-0.6.21.3` `xen-kmp-debug >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-kmp-default >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-kmp-kdump >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-kmp-smp >= 3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3` `xen-libs >= 3.2.3_17040_28-0.6.21.3` `xen-libs-32bit >= 3.2.3_17040_28-0.6.21.3` `xen-tools >= 3.2.3_17040_28-0.6.21.3` `xen-tools-domU >= 3.2.3_17040_28-0.6.21.3` `xen-tools-ioemu >= 3.2.3_17040_28-0.6.21.3`	Builds ZYPP Patch Nr: 8808
SUSE Linux Enterprise Server 11 SP1 LTSS	`xen >= 4.0.3_21548_16-0.5.1` `xen-doc-html >= 4.0.3_21548_16-0.5.1` `xen-doc-pdf >= 4.0.3_21548_16-0.5.1` `xen-kmp-default >= 4.0.3_21548_16_2.6.32.59_0.9-0.5.1` `xen-kmp-pae >= 4.0.3_21548_16_2.6.32.59_0.9-0.5.1` `xen-kmp-trace >= 4.0.3_21548_16_2.6.32.59_0.9-0.5.1` `xen-libs >= 4.0.3_21548_16-0.5.1` `xen-tools >= 4.0.3_21548_16-0.5.1` `xen-tools-domU >= 4.0.3_21548_16-0.5.1`	Builds SAT Patch Nr: 8963
SUSE Linux Enterprise Server 11 SP1 LTSS	`xen >= 4.0.3_21548_16-0.5.1` `xen-doc-html >= 4.0.3_21548_16-0.5.1` `xen-doc-pdf >= 4.0.3_21548_16-0.5.1` `xen-kmp-default >= 4.0.3_21548_16_2.6.32.59_0.9-0.5.1` `xen-kmp-trace >= 4.0.3_21548_16_2.6.32.59_0.9-0.5.1` `xen-libs >= 4.0.3_21548_16-0.5.1` `xen-tools >= 4.0.3_21548_16-0.5.1` `xen-tools-domU >= 4.0.3_21548_16-0.5.1`	Builds SAT Patch Nr: 8963
openSUSE 13.2	`xen >= 4.4.1_06-3.3` `xen-doc-html >= 4.4.1_06-3.3` `xen-kmp-default >= 4.4.1_06_k3.16.6_2-3.3` `xen-kmp-desktop >= 4.4.1_06_k3.16.6_2-3.3` `xen-libs >= 4.4.1_06-3.3` `xen-tools >= 4.4.1_06-3.3` `xen-tools-domU >= 4.4.1_06-3.3`	Patchnames: openSUSE 13.2 GA xen
openSUSE Evergreen 11.4	`xen >= 4.0.3_05-53.1` `xen-debugsource >= 4.0.3_05-53.1` `xen-devel >= 4.0.3_05-53.1` `xen-doc-html >= 4.0.3_05-53.1` `xen-doc-pdf >= 4.0.3_05-53.1` `xen-kmp-default >= 4.0.3_05_k2.6.37.6_24-53.1` `xen-kmp-default-debuginfo >= 4.0.3_05_k2.6.37.6_24-53.1` `xen-kmp-desktop >= 4.0.3_05_k2.6.37.6_24-53.1` `xen-kmp-desktop-debuginfo >= 4.0.3_05_k2.6.37.6_24-53.1` `xen-kmp-pae >= 4.0.3_05_k2.6.37.6_24-53.1` `xen-kmp-pae-debuginfo >= 4.0.3_05_k2.6.37.6_24-53.1` `xen-libs >= 4.0.3_05-53.1` `xen-libs-debuginfo >= 4.0.3_05-53.1` `xen-tools >= 4.0.3_05-53.1` `xen-tools-debuginfo >= 4.0.3_05-53.1` `xen-tools-domU >= 4.0.3_05-53.1` `xen-tools-domU-debuginfo >= 4.0.3_05-53.1`	Patchnames: 2013-70
openSUSE Leap 42.1	`xen >= 4.5.1_10-1.4` `xen-doc-html >= 4.5.1_10-1.4` `xen-kmp-default >= 4.5.1_10_k4.1.12_1-1.4` `xen-libs >= 4.5.1_10-1.4` `xen-tools >= 4.5.1_10-1.4` `xen-tools-domU >= 4.5.1_10-1.4`	Patchnames: openSUSE Leap 42.1 GA xen
openSUSE Leap 42.2	`xen >= 4.7.0_12-1.6` `xen-doc-html >= 4.7.0_12-1.6` `xen-libs >= 4.7.0_12-1.6` `xen-tools >= 4.7.0_12-1.6` `xen-tools-domU >= 4.7.0_12-1.6`	Patchnames: openSUSE Leap 42.2 GA xen
openSUSE Tumbleweed	`xen >= 4.7.0_12-1.3` `xen-devel >= 4.7.0_12-1.3` `xen-doc-html >= 4.7.0_12-1.3` `xen-libs >= 4.7.0_12-1.3` `xen-libs-32bit >= 4.7.0_12-1.3` `xen-tools >= 4.7.0_12-1.3` `xen-tools-domU >= 4.7.0_12-1.3`	Patchnames: openSUSE Tumbleweed GA xen