CVE-2013-0151
Published: 7 March 2013
The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.
Notes
| Author | Note |
|---|---|
| mdeslaur | This is XSA-34 Only Xen version 4.2.x is vulnerable. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
xen Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
(4.1.3-3ubuntu1.2)
|
|
| upstream |
Needs triage
|
|
| Binaries built from this source package are in Universe and so are supported by the community. | ||
|
xen-3.1 Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
| Binaries built from this source package are in Universe and so are supported by the community. | ||
|
xen-3.2 Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
| Binaries built from this source package are in Universe and so are supported by the community. | ||
|
xen-3.3 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
| Binaries built from this source package are in Universe and so are supported by the community. | ||