CVE-2013-1917

Published: 13 May 2013

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.

Priority

Medium

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.2.1-0ubuntu3.1)
Patches:
Upstream: http://lists.xen.org/archives/html/xen-announce/2013-04/binGS8guTt3VO.bin (4.0)
Upstream: http://lists.xen.org/archives/html/xen-announce/2013-04/binEL_7UvL5vH.bin (4.1)
Upstream: http://lists.xen.org/archives/html/xen-announce/2013-04/binGlTcGmAZhQ.bin (4.2)
Upstream: http://lists.xen.org/archives/html/xen-announce/2013-04/binswL9iUJWNc.bin (unstable)
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.1
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

xen-3.2
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

xen-3.3
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
mdeslaur
hypervisor packages are in universe. For
issues in the hypervisor, add appropriate
tags to each section, ex:
Tags_xen: universe-binary
seth-arnold
only 64-bit paravirtualized guests on Intel CPUs

References