CVE-2013-0154
Published: 12 January 2013
The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
xen Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
(4.1.3-3ubuntu1.2)
|
|
| raring |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
xen-3.1 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
xen-3.2 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
xen-3.3 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Needs triage
|
Notes
| Author | Note |
|---|---|
| mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
| jdstrand | only affect Xen 4.2, and only when debugging enabled. Debugging is not enabled in Ubuntu 13.04. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0154
- http://xforce.iss.net/xforce/xfdb/80977
- http://www.securitytracker.com/id?1027937
- http://www.openwall.com/lists/oss-security/2013/01/04/2
- http://seclists.org/oss-sec/2013/q1/att-17/xsa37-4_2.patch
- http://osvdb.org/88913
- NVD
- Launchpad
- Debian