PT-2013-3138 · Xen+1 · Xen+1

Jan Beulich

Published

2013-09-30

Updated

2024-06-15

CVE-2013-1442

CVSS v2.0

1.2

Low

Vector

AV:L/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Xen versions 4.0 through 4.3.x

Description The issue allows local guest OSes to obtain sensitive information by reading registers due to improper clearing of previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, specifically on AVX or LWP capable CPUs.

Recommendations For Xen versions 4.0 through 4.3.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2013-1442

DSA-3006-1

OPENSUSE-SU-2024:10196-1

Affected Products

Suse

Xen

PT-2013-3138 · Xen+1 · Xen+1

CVE-2013-1442

Weakness Enumeration

Related Identifiers

Affected Products

References · 135