CVE-2013-2078

Upstream information

CVE-2013-2078 at MITRE

Description

Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.7
Vector	AV:L/AC:M/Au:N/C:N/I:N/A:C
Access Vector	Local
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Complete

SUSE Bugzilla entries: 813673 [RESOLVED / FIXED], 820920 [RESOLVED / FIXED], 880227 [VERIFIED]

SUSE Security Advisories:

SUSE-SU-2013:1075-1, published Tue, 25 Jun 2013 19:04:17 +0200 (CEST)
SUSE-SU-2013:1314-1, published Fri, 9 Aug 2013 16:04:13 +0200 (CEST)
openSUSE-SU-2013:1392-1, published Fri, 30 Aug 2013 16:04:11 +0200 (CEST)
openSUSE-SU-2013:1404-1, published Wed, 4 Sep 2013 15:04:10 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 11 SP2	`xen >= 4.1.5_02-0.5.1` `xen-doc-html >= 4.1.5_02-0.5.1` `xen-doc-pdf >= 4.1.5_02-0.5.1` `xen-kmp-default >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-pae >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-trace >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-libs >= 4.1.5_02-0.5.1` `xen-libs-32bit >= 4.1.5_02-0.5.1` `xen-tools >= 4.1.5_02-0.5.1` `xen-tools-domU >= 4.1.5_02-0.5.1`	Patchnames: sledsp2-xen-201305
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2	`xen >= 4.1.5_02-0.5.1` `xen-doc-html >= 4.1.5_02-0.5.1` `xen-doc-pdf >= 4.1.5_02-0.5.1` `xen-kmp-default >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-pae >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-kmp-trace >= 4.1.5_02_3.0.74_0.6.10-0.5.1` `xen-libs >= 4.1.5_02-0.5.1` `xen-libs-32bit >= 4.1.5_02-0.5.1` `xen-tools >= 4.1.5_02-0.5.1` `xen-tools-domU >= 4.1.5_02-0.5.1`	Patchnames: slessp2-xen-201305
SUSE Linux Enterprise Server 11 SP4	`xen >= 4.4.2_08-1.7` `xen-doc-html >= 4.4.2_08-1.7` `xen-kmp-default >= 4.4.2_08_3.0.101_63-1.7` `xen-kmp-pae >= 4.4.2_08_3.0.101_63-1.7` `xen-libs >= 4.4.2_08-1.7` `xen-libs-32bit >= 4.4.2_08-1.7` `xen-tools >= 4.4.2_08-1.7` `xen-tools-domU >= 4.4.2_08-1.7`
SUSE Linux Enterprise Software Development Kit 11 SP2	`xen-devel >= 4.1.5_02-0.5.1`	Patchnames: sdksp2-xen-201305
SUSE Linux Enterprise Software Development Kit 11 SP4	`xen-devel >= 4.4.2_08-1.7`
openSUSE 12.3	`xen >= 4.2.2_06-1.16.1` `xen-debugsource >= 4.2.2_06-1.16.1` `xen-devel >= 4.2.2_06-1.16.1` `xen-doc-html >= 4.2.2_06-1.16.1` `xen-doc-pdf >= 4.2.2_06-1.16.1` `xen-kmp-default >= 4.2.2_06_k3.7.10_1.16-1.16.1` `xen-kmp-default-debuginfo >= 4.2.2_06_k3.7.10_1.16-1.16.1` `xen-kmp-desktop >= 4.2.2_06_k3.7.10_1.16-1.16.1` `xen-kmp-desktop-debuginfo >= 4.2.2_06_k3.7.10_1.16-1.16.1` `xen-kmp-pae >= 4.2.2_06_k3.7.10_1.16-1.16.1` `xen-kmp-pae-debuginfo >= 4.2.2_06_k3.7.10_1.16-1.16.1` `xen-libs >= 4.2.2_06-1.16.1` `xen-libs-32bit >= 4.2.2_06-1.16.1` `xen-libs-debuginfo >= 4.2.2_06-1.16.1` `xen-libs-debuginfo-32bit >= 4.2.2_06-1.16.1` `xen-tools >= 4.2.2_06-1.16.1` `xen-tools-debuginfo >= 4.2.2_06-1.16.1` `xen-tools-domU >= 4.2.2_06-1.16.1` `xen-tools-domU-debuginfo >= 4.2.2_06-1.16.1`	Patchnames: openSUSE-2013-677

CVE-2013-2078

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

Support Offerings

Global Services

Support Resources

Partners

Communities

About