CVE-2013-1442

Published: 30 September 2013

Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.

Priority

Medium

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian 		Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.3.0-1ubuntu2)
Patches:
Upstream: http://lists.xen.org/archives/html/xen-announce/2013-09/bind3QfiYrWBs.bin (4.1)
Upstream: http://lists.xen.org/archives/html/xen-announce/2013-09/bini6tc760v1O.bin (4.2, 4.3)
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian 		Upstream Ignored
(reached end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
seth-arnold 
Problem can be mitigated with the "no-xsave" hypervisor command
line option, which should be the default in 12.04 LTS and 12.10.
mdeslaur 
This is XSA-62

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading