Vulnerability Name:

CVE-2013-0190 (CCN-81341)

Assigned:2012-12-06
Published:2013-01-16
Updated:2013-03-08
Summary:The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.0 Medium (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C)
3.0 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2013-0190

Source: CCN
Type: RHSA-2013-0496
Important: Red Hat Enterprise Linux 6 kernel update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0496

Source: CCN
Type: SA51834
Xen "xen_failsafe_callback()" IRET Handling Denial of Service Weakness

Source: CCN
Type: SA51906
Linux Kernel "xen_failsafe_callback()" IRET Handling Denial of Service Weakness

Source: CCN
Type: SA53861
OpenVZ update for kernel

Source: CCN
Type: OpenVZ Web site
OpenVZ

Source: CCN
Type: Linux Kernel Changelog
Linux 3.0.60

Source: CCN
Type: oss-sec mailing list, Wed, 16 Jan 2013 12:00:55 +0000
xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests

Source: MLIST
Type: UNKNOWN
[oss-security] 20130116 [PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.

Source: MLIST
Type: UNKNOWN
[oss-security] 20130116 Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.

Source: BID
Type: UNKNOWN
57433

Source: CCN
Type: BID-57433
Xen 'xen_failsafe_callback()' Function Local Denial of Service Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-1725-1

Source: UBUNTU
Type: UNKNOWN
USN-1728-1

Source: CCN
Type: XenSource Web site
Xen

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=896038

Source: XF
Type: UNKNOWN
xen-failsafecallback-dos(81341)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 2.6.23)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:xensource:xen:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.4:-:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:27657
    P
    ELSA-2013-2504 -- Unbreakable Enterprise kernel security update (moderate)
    2015-03-16
    oval:org.mitre.oval:def:27517
    P
    ELSA-2013-2503 -- Unbreakable Enterprise kernel security update (moderate)
    2014-12-15
    oval:org.mitre.oval:def:18241
    P
    USN-1767-1 -- linux vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:18180
    P
    USN-1725-1 -- linux vulnerability
    2014-06-30
    oval:org.mitre.oval:def:18316
    P
    USN-1768-1 -- linux-lts-quantal vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:17503
    P
    USN-1728-1 -- linux-ec2 vulnerability
    2014-06-30
    oval:org.mitre.oval:def:18200
    P
    USN-1774-1 -- linux-ti-omap4 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:17869
    P
    USN-1769-1 -- linux vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:18232
    P
    USN-1720-1 -- linux vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:18106
    P
    USN-1719-1 -- linux-lts-backport-oneiric vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:23868
    P
    ELSA-2013:0496: Red Hat Enterprise Linux 6 kernel update (Important)
    2014-05-26
    oval:org.mitre.oval:def:20908
    P
    RHSA-2013:0496: Red Hat Enterprise Linux 6 kernel update (Important)
    2014-02-17
    oval:com.redhat.rhsa:def:20130496
    P
    RHSA-2013:0496: Red Hat Enterprise Linux 6 kernel update (Important)
    2013-02-21
    oval:com.ubuntu.xenial:def:201301900000000
    V
    CVE-2013-0190 on Ubuntu 16.04 LTS (xenial) - medium.
    2013-02-13
    oval:com.ubuntu.precise:def:20130190000
    V
    CVE-2013-0190 on Ubuntu 12.04 LTS (precise) - medium.
    2013-02-12
    oval:com.ubuntu.trusty:def:20130190000
    V
    CVE-2013-0190 on Ubuntu 14.04 LTS (trusty) - medium.
    2013-02-12
    oval:com.ubuntu.xenial:def:20130190000
    V
    CVE-2013-0190 on Ubuntu 16.04 LTS (xenial) - medium.
    2013-02-12
    BACK
    linux linux kernel *
    xensource xen 3.0
    xensource xen 4.1
    redhat enterprise linux 6
    redhat enterprise linux 6
    linux linux kernel 3.0 rc1
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6
    linux linux kernel 3.4