PT-2013-2134 · Xen · Xen

Published: 2013-03-07 · Updated: 2024-06-15 · CVE-2013-0151

CVSS v2.0: 4.6 (Medium)

Vector: AV:A/AC:H/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Xen version 4.2.x

Description

The issue allows guest OS users to cause a denial of service by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs, resulting in long-duration page mappings and a host OS crash. This is due to the `do_hvm_op` function not preventing `HVM_PARAM_NESTEDHVM` operations.

Recommendations

For Xen version 4.2.x, consider restricting administrative access to HVM guests or limiting the number of VCPUs in a domain to minimize the risk of exploitation. As a temporary workaround, consider disabling the `do_hvm_op` function or restricting `HVM_PARAM_NESTEDHVM` operations until a patch is available.

Related Identifiers

CVE-2013-0151
OPENSUSE-SU-2024:10196-1

Affected Products

Xen