CVE-2013-1442

Published: 30 September 2013

Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.

Priority

Medium

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.3.0-1ubuntu2)
Patches:
Upstream: http://lists.xen.org/archives/html/xen-announce/2013-09/bind3QfiYrWBs.bin (4.1)
Upstream: http://lists.xen.org/archives/html/xen-announce/2013-09/bini6tc760v1O.bin (4.2, 4.3)
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian
Upstream Ignored
(reached end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
seth-arnold
Problem can be mitigated with the "no-xsave" hypervisor command
line option, which should be the default in 12.04 LTS and 12.10.
mdeslaur
This is XSA-62

References