Vulnerability CVE-2013-0154

Vulnerability Name:

CVE-2013-0154 (CCN-80977)

Assigned:

2012-12-06

Published:

2013-01-04

Updated:

2017-08-29

Summary:

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P)
1.4 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2013-0154

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0446

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0636

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0637

Source: OSVDB
Type: UNKNOWN
88913

Source: CCN
Type: oss-sec mailing list, Fri, 04 Jan 2013 16:01:03 +0000
Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only)

Source: CCN
Type: xsa37-4.2.patch
x86: fix assertion in get_page_type()

Source: CONFIRM
Type: UNKNOWN
http://seclists.org/oss-sec/2013/q1/att-17/xsa37-4_2.patch

Source: SECUNIA
Type: UNKNOWN
55082

Source: GENTOO
Type: UNKNOWN
GLSA-201309-24

Source: MLIST
Type: UNKNOWN
[oss-security] 20130104 Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only)

Source: BID
Type: UNKNOWN
57159

Source: CCN
Type: BID-57159
Xen CVE-2013-0154 Local Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1027937

Source: CCN
Type: XenSource Web site
Xen

Source: XF
Type: UNKNOWN
xen-hypercall-dos(80977)

Source: XF
Type: UNKNOWN
xen-hypercall-dos(80977)

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:4.2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20130154	V	CVE-2013-0154	2022-05-20
oval:org.opensuse.security:def:33028	P	Security update for git (Low)	2021-10-20
oval:org.opensuse.security:def:33029	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:33730	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:33729	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:33706	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:33705	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:32949	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:32950	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:33666	P	Security update for apache2-mod_auth_openidc (Important)	2021-06-08
oval:org.opensuse.security:def:32939	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:33667	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:32937	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:32938	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:34452	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:34451	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:34411	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:34412	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:33773	P	Security update for perl-XML-Twig (Moderate)	2021-03-01
oval:org.opensuse.security:def:33774	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:28940	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:28939	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:28929	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:28928	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:28927	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:29367	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:29368	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:33617	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:33618	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:29225	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:29724	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:29009	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:29663	P	Security update for cvs (Moderate)	2020-12-01
oval:org.opensuse.security:def:33404	P	Security update for zeromq (Important)	2020-12-01
oval:org.opensuse.security:def:29282	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:30362	P	Security update for wireshark	2020-12-01
oval:org.opensuse.security:def:29140	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29681	P	Security update for ecryptfs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:33561	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:30399	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:29226	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:29725	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:29520	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:29283	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:30363	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:33163	P	libmysql55client18-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29574	P	Security update for Apache2	2020-12-01
oval:org.opensuse.security:def:30400	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:33258	P	squid3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29623	P	Security update for bsdtar (Moderate)	2020-12-01
oval:org.opensuse.security:def:29521	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:33315	P	openssh-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33164	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29008	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:29662	P	Security update for CVS	2020-12-01
oval:org.opensuse.security:def:29575	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33403	P	Security update for Salt (Moderate)	2020-12-01
oval:org.opensuse.security:def:33259	P	squidGuard on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29139	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29680	P	Security update for ecryptfs-utils	2020-12-01
oval:org.opensuse.security:def:29624	P	Security update for Mono	2020-12-01
oval:org.opensuse.security:def:33560	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:33316	P	openvpn-openssl1 on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:25115	P	SUSE-SU-2014:0446-1 -- Security update for Xen	2014-09-08
oval:com.ubuntu.precise:def:20130154000	V	CVE-2013-0154 on Ubuntu 12.04 LTS (precise) - medium.	2013-01-11

BACK