Vulnerability Name: CVE-2013-0154 (CCN-80977)

Assigned: 2012-12-06
Published: 2013-01-04
Updated: 2017-08-29
Summary: The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Low
CVSS v2 Severity: 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P)
1.4 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2013-0154

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0446

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0636

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0637

Source: OSVDB
Type: UNKNOWN
88913

Source: CCN
Type: oss-sec mailing list, Fri, 04 Jan 2013 16:01:03 +0000
Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only)

Source: CCN
Type: xsa37-4.2.patch
x86: fix assertion in get_page_type()

Source: CONFIRM
Type: UNKNOWN
http://seclists.org/oss-sec/2013/q1/att-17/xsa37-4_2.patch

Source: SECUNIA
Type: UNKNOWN
55082

Source: GENTOO
Type: UNKNOWN
GLSA-201309-24

Source: MLIST
Type: UNKNOWN
[oss-security] 20130104 Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only)

Source: BID
Type: UNKNOWN
57159

Source: CCN
Type: BID-57159
Xen CVE-2013-0154 Local Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1027937

Source: CCN
Type: XenSource Web site
Xen

Source: XF
Type: UNKNOWN
xen-hypercall-dos(80977)

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:xen:xen:4.2.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20130154 | V | CVE-2013-0154 | 2022-05-20
oval:org.opensuse.security:def:33028 | P | Security update for git (Low) | 2021-10-20
oval:org.opensuse.security:def:33029 | P | Security update for ncurses (Moderate) | 2021-10-20
oval:org.opensuse.security:def:33730 | P | Security update for strongswan (Important) | 2021-10-19
oval:org.opensuse.security:def:33729 | P | Security update for MozillaFirefox (Important) | 2021-10-15
oval:org.opensuse.security:def:33706 | P | Security update for unrar (Moderate) | 2021-08-25
oval:org.opensuse.security:def:33705 | P | Security update for openssl-1_1 (Important) | 2021-08-24
oval:org.opensuse.security:def:32949 | P | Security update for webkit2gtk3 (Important) | 2021-06-17
oval:org.opensuse.security:def:32950 | P | Security update for apache2 (Important) | 2021-06-17
oval:org.opensuse.security:def:33666 | P | Security update for apache2-mod_auth_openidc (Important) | 2021-06-08
oval:org.opensuse.security:def:32939 | P | Security update for qemu (Important) | 2021-06-08
oval:org.opensuse.security:def:33667 | P | Security update for spice (Important) | 2021-06-08
oval:org.opensuse.security:def:32937 | P | Security update for MozillaFirefox (Important) | 2021-06-08
oval:org.opensuse.security:def:32938 | P | Security update for libX11 (Important) | 2021-06-08
oval:org.opensuse.security:def:34452 | P | Security update for gstreamer-plugins-bad (Important) | 2021-06-07
oval:org.opensuse.security:def:34451 | P | Security update for polkit (Important) | 2021-06-03
oval:org.opensuse.security:def:34411 | P | Security update for sudo (Important) | 2021-04-20
oval:org.opensuse.security:def:34412 | P | Security update for ImageMagick (Moderate) | 2021-04-20
oval:org.opensuse.security:def:33773 | P | Security update for perl-XML-Twig (Moderate) | 2021-03-01
oval:org.opensuse.security:def:33774 | P | Security update for MozillaFirefox (Important) | 2021-03-01
oval:org.opensuse.security:def:28940 | P | Security update for krb5-appl (Important) | 2021-02-19
oval:org.opensuse.security:def:28939 | P | Security update for java-1_7_1-ibm (Important) | 2021-02-18
oval:org.opensuse.security:def:28929 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) | 2021-02-10
oval:org.opensuse.security:def:28928 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) | 2021-02-10
oval:org.opensuse.security:def:28927 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important) | 2021-02-10
oval:org.opensuse.security:def:29367 | P | Security update for flac (Moderate) | 2021-01-04
oval:org.opensuse.security:def:29368 | P | Security update for dovecot22 (Important) | 2021-01-04
oval:org.opensuse.security:def:33617 | P | Security update for python-cryptography (Moderate) | 2020-12-04
oval:org.opensuse.security:def:33618 | P | Security update for postgresql12 (Important) | 2020-12-04
oval:org.opensuse.security:def:29225 | P | Security update for php53 (Important) | 2020-12-01
oval:org.opensuse.security:def:29724 | P | Security update for MozillaFirefox, mozilla-nspr (Important) | 2020-12-01
oval:org.opensuse.security:def:29009 | P | Security update for gnutls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29663 | P | Security update for cvs (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33404 | P | Security update for zeromq (Important) | 2020-12-01
oval:org.opensuse.security:def:29282 | P | Security update for xorg-x11-libX11 (Important) | 2020-12-01
oval:org.opensuse.security:def:30362 | P | Security update for wireshark | 2020-12-01
oval:org.opensuse.security:def:29140 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:29681 | P | Security update for ecryptfs-utils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33561 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30399 | P | Security update for Xen | 2020-12-01
oval:org.opensuse.security:def:29226 | P | Security update for postgresql94 (Important) | 2020-12-01
oval:org.opensuse.security:def:29725 | P | Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:29520 | P | Security update for LibVNCServer (Critical) | 2020-12-01
oval:org.opensuse.security:def:29283 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:30363 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33163 | P | libmysql55client18-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29574 | P | Security update for Apache2 | 2020-12-01
oval:org.opensuse.security:def:30400 | P | Security update for Xen | 2020-12-01
oval:org.opensuse.security:def:33258 | P | squid3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29623 | P | Security update for bsdtar (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29521 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:33315 | P | openssh-openssl1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33164 | P | libmysqlclient15-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29008 | P | Security update for gnutls (Important) | 2020-12-01
oval:org.opensuse.security:def:29662 | P | Security update for CVS | 2020-12-01
oval:org.opensuse.security:def:29575 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33403 | P | Security update for Salt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33259 | P | squidGuard on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29139 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:29680 | P | Security update for ecryptfs-utils | 2020-12-01
oval:org.opensuse.security:def:29624 | P | Security update for Mono | 2020-12-01
oval:org.opensuse.security:def:33560 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33316 | P | openvpn-openssl1 on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:25115 | P | SUSE-SU-2014:0446-1 -- Security update for Xen | 2014-09-08
oval:com.ubuntu.precise:def:20130154000 | V | CVE-2013-0154 on Ubuntu 12.04 LTS (precise) - medium. | 2013-01-11
    xen xen 4.2.0