Vulnerability CVE-2013-2078

Vulnerability Name:

CVE-2013-2078 (CCN-84703)

Assigned:

2013-06-03

Published:

2013-06-03

Updated:

2014-12-12

Summary:

Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.

CVSS v3 Severity:

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.7 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C)
3.5 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2013-2078

Source: CCN
Type: SA53591
Xen XSAVE Support Information Disclosure and Denial of Service Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
55082

Source: GENTOO
Type: UNKNOWN
GLSA-201309-24

Source: DEBIAN
Type: UNKNOWN
DSA-3006

Source: CCN
Type: oss-sec Mailing List: Mon, 03 Jun 2013
Xen Security Advisory 54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV

Source: MLIST
Type: UNKNOWN
[oss-security] 20130603 Xen Security Advisory 54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV

Source: CCN
Type: BID-60278
Xen CVE-2013-2078 Remote Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1028613

Source: CCN
Type: XenSource Web site
Xen

Source: XF
Type: UNKNOWN
xen-cve20132078-dos(84703)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-2078

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:4.0.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.0.3:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.0.4:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.3:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.4:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.5:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.2.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.2.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.2.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:55530	P	Security update for containerd (Moderate)	2023-04-13
oval:org.opensuse.security:def:20132078	V	CVE-2013-2078	2022-05-20
oval:org.opensuse.security:def:34681	P	Security update for the Linux Kernel (Important)	2022-01-13
oval:org.opensuse.security:def:57199	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:26218	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:29455	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:34003	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:26161	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:26143	P	Security update for curl (Moderate)	2021-10-11
oval:org.opensuse.security:def:26132	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:26131	P	Security update for xen (Moderate)	2021-09-21
oval:org.opensuse.security:def:55245	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:33959	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:32160	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:55923	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:33935	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:26080	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:42734	P	xen-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36327	P	xen-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36582	P	xen-devel-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32103	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:29369	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:33896	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:33633	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:33790	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:26207	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:34641	P	Security update for open-iscsi (Important)	2021-03-01
oval:org.opensuse.security:def:55842	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:32247	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:32011	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:29954	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:25888	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26555	P	glib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27290	P	shim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26416	P	Security update for nginx (Moderate)	2020-12-01
oval:org.opensuse.security:def:26761	P	libpulse-browse0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26907	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26232	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:26436	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:26809	P	puppet on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26964	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27236	P	lxc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27587	P	xorg-x11-libXt-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27879	P	Security update for rubygem-actionpack-2_3	2020-12-01
oval:org.opensuse.security:def:28610	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:29169	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:29512	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29853	P	Security update for Linux Kernel	2020-12-01
oval:org.opensuse.security:def:30592	P	Security update for openswan	2020-12-01
oval:org.opensuse.security:def:54400	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54973	P	pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55638	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31793	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32403	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:32569	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33258	P	squid3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25952	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26302	P	Security update for python-PyYAML (Moderate)	2020-12-01
oval:org.opensuse.security:def:26594	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27325	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26473	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26810	P	pure-ftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27545	P	python-imaging on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26233	P	Security update for python-reportlab (Important)	2020-12-01
oval:org.opensuse.security:def:26517	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26862	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27008	P	pango on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27160	P	kdenetwork4-filesharing on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27364	P	PolicyKit-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27738	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:27893	P	Security update for shim	2020-12-01
oval:org.opensuse.security:def:29238	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:29597	P	Security update for atftp (Important)	2020-12-01
oval:org.opensuse.security:def:29892	P	Security update for Kerberos 5	2020-12-01
oval:org.opensuse.security:def:30629	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:54422	P	argyllcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55079	P	cpp48 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55730	P	Security update for ntp (Important)	2020-12-01
oval:org.opensuse.security:def:31794	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32459	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:32613	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33167	P	libnewt0_52 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33393	P	Security update for spacewalk	2020-12-01
oval:org.opensuse.security:def:25876	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:26453	P	Security update for kauth (Moderate)	2020-12-01
oval:org.opensuse.security:def:26608	P	libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26557	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26849	P	zoo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27580	P	xen-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26244	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:26574	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26911	P	gstreamer-0_10-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27646	P	Security update for libvirt	2020-12-01
oval:org.opensuse.security:def:27161	P	kdirstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27446	P	libgadu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27791	P	Security update for libgadu	2020-12-01
oval:org.opensuse.security:def:27937	P	Security update for GraphicsMagick (Important)	2020-12-01
oval:org.opensuse.security:def:29157	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:29750	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:29910	P	Security update for libapr	2020-12-01
oval:org.opensuse.security:def:54562	P	libjpeg-turbo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55804	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:57273	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:31805	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32508	P	expat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33251	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33168	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33488	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:33847	P	Security update for okular	2020-12-01
oval:org.opensuse.security:def:25877	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26506	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26652	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26335	P	security update for go (Low)	2020-12-01
oval:org.opensuse.security:def:26708	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26863	P	apache2-mod_jk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26308	P	Security update for python modules (Low)	2020-12-01
oval:org.opensuse.security:def:26658	P	MozillaFirefox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26950	P	libgdiplus0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27681	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:27172	P	libadns1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27503	P	libwsman-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27840	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:28575	P	Security update for OpenSSL	2020-12-01
oval:org.opensuse.security:def:29158	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:29804	P	Security update for inst-source-utils	2020-12-01
oval:org.opensuse.security:def:54399	P	wdiff on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54800	P	gstreamer-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31879	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32547	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33290	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33179	P	libsamplerate on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33545	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.mitre.oval:def:26366	P	DSA-3006-1 xen - security update	2014-10-27
oval:org.mitre.oval:def:25689	P	SUSE-SU-2013:1075-1 -- Security update for Xen	2014-09-08
oval:org.mitre.oval:def:25878	P	SUSE-SU-2013:1314-1 -- Security update for Xen	2014-09-08
oval:com.ubuntu.precise:def:20132078000	V	CVE-2013-2078 on Ubuntu 12.04 LTS (precise) - medium.	2013-08-14
oval:org.opensuse.security:def:79907	P	Security update for Xen	2013-05-31

BACK