CVE-2013-4368

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html
http://rhn.redhat.com/errata/RHSA-2013-1449.html
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://www.debian.org/security/2014/dsa-3006
http://www.openwall.com/lists/oss-security/2013/10/10/10
https://exchange.xforce.ibmcloud.com/vulnerabilities/87799
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html
http://rhn.redhat.com/errata/RHSA-2013-1449.html
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://www.debian.org/security/2014/dsa-3006
http://www.openwall.com/lists/oss-security/2013/10/10/10
https://exchange.xforce.ibmcloud.com/vulnerabilities/87799

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:xen:xen::::::::
	cpe:2.3:o:xen:xen:3.0.2:::::::*
	cpe:2.3:o:xen:xen:3.0.3:::::::*
	cpe:2.3:o:xen:xen:3.0.4:::::::*
	cpe:2.3:o:xen:xen:3.1.3:::::::*
	cpe:2.3:o:xen:xen:3.1.4:::::::*
	cpe:2.3:o:xen:xen:3.2.0:::::::*
	cpe:2.3:o:xen:xen:3.2.1:::::::*
	cpe:2.3:o:xen:xen:3.2.2:::::::*
	cpe:2.3:o:xen:xen:3.2.3:::::::*
	cpe:2.3:o:xen:xen:3.3.0:::::::*
	cpe:2.3:o:xen:xen:3.3.1:::::::*
	cpe:2.3:o:xen:xen:3.3.2:::::::*
	cpe:2.3:o:xen:xen:3.4.0:::::::*
	cpe:2.3:o:xen:xen:3.4.1:::::::*
	cpe:2.3:o:xen:xen:3.4.2:::::::*
	cpe:2.3:o:xen:xen:3.4.3:::::::*
	cpe:2.3:o:xen:xen:3.4.4:::::::*
	cpe:2.3:o:xen:xen:4.0.0:::::::*
	cpe:2.3:o:xen:xen:4.0.1:::::::*
	cpe:2.3:o:xen:xen:4.0.2:::::::*
	cpe:2.3:o:xen:xen:4.0.3:::::::*
	cpe:2.3:o:xen:xen:4.0.4:::::::*
	cpe:2.3:o:xen:xen:4.1.0:::::::*
	cpe:2.3:o:xen:xen:4.1.1:::::::*
	cpe:2.3:o:xen:xen:4.1.2:::::::*
	cpe:2.3:o:xen:xen:4.1.3:::::::*
	cpe:2.3:o:xen:xen:4.1.4:::::::*
	cpe:2.3:o:xen:xen:4.1.5:::::::*
	cpe:2.3:o:xen:xen:4.1.6.1:::::::*
	cpe:2.3:o:xen:xen:4.2.0:::::::*
	cpe:2.3:o:xen:xen:4.2.1:::::::*
	cpe:2.3:o:xen:xen:4.2.2:::::::*
	cpe:2.3:o:xen:xen:4.2.3:::::::*

History

21 Nov 2024, 01:55

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html -
References	~~() http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html -
References	~~() http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html -
References	~~() http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html -~~	() http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2013-1449.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-1449.html -
References	~~() http://security.gentoo.org/glsa/glsa-201407-03.xml -~~	() http://security.gentoo.org/glsa/glsa-201407-03.xml -
References	~~() http://www.debian.org/security/2014/dsa-3006 -~~	() http://www.debian.org/security/2014/dsa-3006 -
References	~~() http://www.openwall.com/lists/oss-security/2013/10/10/10 -~~	() http://www.openwall.com/lists/oss-security/2013/10/10/10 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/87799 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/87799 -

Information

Published : 2013-10-17 23:55

Updated : 2024-11-21 01:55

NVD link : CVE-2013-4368

Mitre link : CVE-2013-4368

CVE.ORG link : CVE-2013-4368

JSON object : View

Products Affected

xen

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

1.9 /10