Vulnerability CVE-2013-2076

Vulnerability Name:

CVE-2013-2076 (CCN-84705)

Assigned:

2013-06-03

Published:

2013-06-03

Updated:

2023-02-13

Summary:

Xen when running on AMD64 systems could allow a local attacker to obtain sensitive information, caused by an error when handling XSAVE/XRSTOR instructions in the xrstor() function in i387.c file. When an exception is pending, a local attacker could exploit this vulnerability to obtain sensitive information.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:A/AC:H/Au:S/C:C/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:A/AC:H/Au:S/C:C/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): High Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

1.9 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)
1.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2013-2076

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SA53591
Xen XSAVE Support Information Disclosure and Denial of Service Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: oss-sec Mailing List: Mon, 03 Jun 2013
Xen Security Advisory 52 (CVE-2013-2076) - Information leak on XSAVE/XRSTOR capable AMD CPUs

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-60282
Xen CVE-2013-2076 Information Disclosure Vulnerability

Source: CCN
Type: XenSource Web site
Xen

Source: XF
Type: UNKNOWN
xen-cve20132076-information-disclosure(84705)

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:55530	P	Security update for containerd (Moderate)	2023-04-13
oval:org.opensuse.security:def:20132076	V	CVE-2013-2076	2022-09-02
oval:org.opensuse.security:def:34681	P	Security update for the Linux Kernel (Important)	2022-01-13
oval:org.opensuse.security:def:57199	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:26218	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:29455	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:34003	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:26161	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:33029	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:33028	P	Security update for git (Low)	2021-10-20
oval:org.opensuse.security:def:33730	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:33729	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:26143	P	Security update for curl (Moderate)	2021-10-11
oval:org.opensuse.security:def:26132	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:26131	P	Security update for xen (Moderate)	2021-09-21
oval:org.opensuse.security:def:55245	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:33706	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:33705	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:33959	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:32160	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:55923	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:33935	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:26080	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:32949	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:32950	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:33666	P	Security update for apache2-mod_auth_openidc (Important)	2021-06-08
oval:org.opensuse.security:def:36582	P	xen-devel-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32937	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:32939	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:33667	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:32938	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:42734	P	xen-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36327	P	xen-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:34452	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:32103	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:34451	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:29369	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:33896	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:34412	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:34411	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:33633	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:33790	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:26207	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:34641	P	Security update for open-iscsi (Important)	2021-03-01
oval:org.opensuse.security:def:33773	P	Security update for perl-XML-Twig (Moderate)	2021-03-01
oval:org.opensuse.security:def:33774	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:28940	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:28939	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:28928	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:28929	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:55842	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:32247	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:28927	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:29367	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:29368	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:29954	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:32011	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:33618	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:33617	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:27161	P	kdirstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26335	P	security update for go (Low)	2020-12-01
oval:org.opensuse.security:def:33316	P	openvpn-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29804	P	Security update for inst-source-utils	2020-12-01
oval:org.opensuse.security:def:26964	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31793	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:29238	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:27503	P	libwsman-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55804	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:28575	P	Security update for OpenSSL	2020-12-01
oval:org.opensuse.security:def:33179	P	libsamplerate on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54973	P	pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29520	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:26594	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32613	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33403	P	Security update for Salt (Moderate)	2020-12-01
oval:org.opensuse.security:def:29624	P	Security update for Mono	2020-12-01
oval:org.opensuse.security:def:26907	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31794	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:29140	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26658	P	MozillaFirefox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29910	P	Security update for libapr	2020-12-01
oval:org.opensuse.security:def:27681	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:25877	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:55079	P	cpp48 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27791	P	Security update for libgadu	2020-12-01
oval:org.opensuse.security:def:27236	P	lxc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32403	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:29662	P	Security update for CVS	2020-12-01
oval:org.opensuse.security:def:27290	P	shim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31805	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29225	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:26708	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29725	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:33163	P	libmysql55client18-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29597	P	Security update for atftp (Important)	2020-12-01
oval:org.opensuse.security:def:26911	P	gstreamer-0_10-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30629	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:26436	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:33545	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:55638	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27893	P	Security update for shim	2020-12-01
oval:org.opensuse.security:def:54562	P	libjpeg-turbo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29282	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:26506	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32547	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30362	P	Security update for wireshark	2020-12-01
oval:org.opensuse.security:def:26232	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:25952	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29521	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:26849	P	zoo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26416	P	Security update for nginx (Moderate)	2020-12-01
oval:org.opensuse.security:def:33404	P	Security update for zeromq (Important)	2020-12-01
oval:org.opensuse.security:def:29853	P	Security update for Linux Kernel	2020-12-01
oval:org.opensuse.security:def:27008	P	pango on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27587	P	xorg-x11-libXt-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33847	P	Security update for okular	2020-12-01
oval:org.opensuse.security:def:28610	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:33258	P	squid3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29574	P	Security update for Apache2	2020-12-01
oval:org.opensuse.security:def:26608	P	libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33251	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29157	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:29008	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:26473	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:33560	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29663	P	Security update for cvs (Moderate)	2020-12-01
oval:org.opensuse.security:def:27545	P	python-imaging on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29226	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:26809	P	puppet on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26244	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:33164	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27840	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:57273	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:29158	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:27364	P	PolicyKit-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26302	P	Security update for python-PyYAML (Moderate)	2020-12-01
oval:org.opensuse.security:def:32459	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:29680	P	Security update for ecryptfs-utils	2020-12-01
oval:org.opensuse.security:def:27325	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31879	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:29283	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:26761	P	libpulse-browse0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30363	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:27160	P	kdenetwork4-filesharing on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33259	P	squidGuard on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29750	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26950	P	libgdiplus0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29169	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:26517	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55730	P	Security update for ntp (Important)	2020-12-01
oval:org.opensuse.security:def:27937	P	Security update for GraphicsMagick (Important)	2020-12-01
oval:org.opensuse.security:def:33168	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54800	P	gstreamer-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26555	P	glib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32569	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30399	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:26233	P	Security update for python-reportlab (Important)	2020-12-01
oval:org.opensuse.security:def:33315	P	openssh-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29575	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26863	P	apache2-mod_jk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54399	P	wdiff on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29009	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26574	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33561	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29892	P	Security update for Kerberos 5	2020-12-01
oval:org.opensuse.security:def:27646	P	Security update for libvirt	2020-12-01
oval:org.opensuse.security:def:25876	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:27738	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:27172	P	libadns1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33393	P	Security update for spacewalk	2020-12-01
oval:org.opensuse.security:def:29623	P	Security update for bsdtar (Moderate)	2020-12-01
oval:org.opensuse.security:def:26652	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33290	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54400	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29139	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26557	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29681	P	Security update for ecryptfs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:27580	P	xen-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33167	P	libnewt0_52 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29512	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26862	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30592	P	Security update for openswan	2020-12-01
oval:org.opensuse.security:def:26308	P	Security update for python modules (Low)	2020-12-01
oval:org.opensuse.security:def:33488	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:27879	P	Security update for rubygem-actionpack-2_3	2020-12-01
oval:org.opensuse.security:def:54422	P	argyllcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27446	P	libgadu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26453	P	Security update for kauth (Moderate)	2020-12-01
oval:org.opensuse.security:def:32508	P	expat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29724	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:25888	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26810	P	pure-ftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30400	P	Security update for Xen	2020-12-01
oval:org.mitre.oval:def:26366	P	DSA-3006-1 xen - security update	2014-10-27
oval:org.mitre.oval:def:25115	P	SUSE-SU-2014:0446-1 -- Security update for Xen	2014-09-08
oval:org.mitre.oval:def:25689	P	SUSE-SU-2013:1075-1 -- Security update for Xen	2014-09-08
oval:org.mitre.oval:def:25878	P	SUSE-SU-2013:1314-1 -- Security update for Xen	2014-09-08
oval:com.ubuntu.precise:def:20132076000	V	CVE-2013-2076 on Ubuntu 12.04 LTS (precise) - medium.	2013-08-28
oval:org.opensuse.security:def:79907	P	Security update for Xen	2013-05-31

BACK