Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-0151

The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.

Related bugs and status

CVE-2013-0151 (Candidate) is related to these bugs:

Bug #1180397: [MRE] Xen stable update to 4.2.2

Summary				In	Importance	Status
	1180397	[MRE] Xen stable update to 4.2.2		xen (Ubuntu)	Low	Fix Released
	1180397	[MRE] Xen stable update to 4.2.2		xen (Ubuntu Raring)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://security.gentoo...
MISC: http://openwall.com/li...
MISC: http://xenbits.xen.org...