Upstream information

CVE-2013-2078 at MITRE

Description

Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.7
Vector AV:L/AC:M/Au:N/C:N/I:N/A:C
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
SUSE Bugzilla entries: 813673 [RESOLVED / FIXED], 820920 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • xen >= 4.1.5_02-0.5.1
  • xen-devel >= 4.1.5_02-0.5.1
  • xen-doc-html >= 4.1.5_02-0.5.1
  • xen-doc-pdf >= 4.1.5_02-0.5.1
  • xen-kmp-default >= 4.1.5_02_3.0.74_0.6.10-0.5.1
  • xen-kmp-pae >= 4.1.5_02_3.0.74_0.6.10-0.5.1
  • xen-kmp-trace >= 4.1.5_02_3.0.74_0.6.10-0.5.1
  • xen-libs >= 4.1.5_02-0.5.1
  • xen-libs-32bit >= 4.1.5_02-0.5.1
  • xen-tools >= 4.1.5_02-0.5.1
  • xen-tools-domU >= 4.1.5_02-0.5.1
Patchnames:
sdksp2-xen-201305
sledsp2-xen-201305
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
  • xen-devel >= 4.4.2_08-1.7
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA xen-devel-4.4.2_08-1.7
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server for SAP Applications 11 SP2
  • xen >= 4.1.5_02-0.5.1
  • xen-devel >= 4.1.5_02-0.5.1
  • xen-doc-html >= 4.1.5_02-0.5.1
  • xen-doc-pdf >= 4.1.5_02-0.5.1
  • xen-kmp-default >= 4.1.5_02_3.0.74_0.6.10-0.5.1
  • xen-kmp-pae >= 4.1.5_02_3.0.74_0.6.10-0.5.1
  • xen-kmp-trace >= 4.1.5_02_3.0.74_0.6.10-0.5.1
  • xen-libs >= 4.1.5_02-0.5.1
  • xen-libs-32bit >= 4.1.5_02-0.5.1
  • xen-tools >= 4.1.5_02-0.5.1
  • xen-tools-domU >= 4.1.5_02-0.5.1
Patchnames:
sdksp2-xen-201305
slessp2-xen-201305
SUSE Linux Enterprise Server 11 SP4
  • xen >= 4.4.2_08-1.7
  • xen-devel >= 4.4.2_08-1.7
  • xen-doc-html >= 4.4.2_08-1.7
  • xen-kmp-default >= 4.4.2_08_3.0.101_63-1.7
  • xen-kmp-pae >= 4.4.2_08_3.0.101_63-1.7
  • xen-libs >= 4.4.2_08-1.7
  • xen-libs-32bit >= 4.4.2_08-1.7
  • xen-tools >= 4.4.2_08-1.7
  • xen-tools-domU >= 4.4.2_08-1.7
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA xen-4.4.2_08-1.7
SUSE Linux Enterprise Software Development Kit 11 SP4 GA xen-devel-4.4.2_08-1.7
SUSE Linux Enterprise Software Development Kit 11 SP2
  • xen-devel >= 4.1.5_02-0.5.1
Patchnames:
sdksp2-xen-201305


SUSE Timeline for this CVE

CVE page created: Wed May 1 08:38:09 2019
CVE page last modified: Thu Dec 7 13:12:58 2023