CVE-2013-2078

Published: 14 August 2013

Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.

Priority

Medium

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian 		Upstream Needed

Patches:
Upstream: http://lists.xen.org/archives/html/xen-announce/2013-06/bin_A0ey2XISB.bin
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian 		Upstream Ignored
(reached end-of-life)

Notes

AuthorNote
seth-arnold 
adding "no-xsave" to supervisor mitigates against the problem
mdeslaur 
This is XSA-54

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading