FKIE_CVE-2013-4551

Vulnerability from fkie_nvd - Published: 2013-11-18 02:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html
secalert@redhat.comhttp://secunia.com/advisories/55398Vendor Advisory
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201407-03.xml
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/11/11/1
secalert@redhat.comhttp://www.securityfocus.com/bid/63625
secalert@redhat.comhttp://www.securitytracker.com/id/1029313
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/88649
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55398Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201407-03.xml
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/11/11/1
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/63625
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029313
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/88649
Impacted products
Vendor Product Version
xen xen 4.2.0
xen xen 4.2.1
xen xen 4.2.2
xen xen 4.2.3
xen xen 4.3.0
xen xen 4.3.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to \"guest VMX instruction execution.\""
    },
    {
      "lang": "es",
      "value": "Xen 4.2.x y 4.3.x, cuando la virtualizaci\u00f3n anidada es desactivada, no comprueba correctamente las rutas de emulaci\u00f3n para VMLAUNCH y (2) VMRESUME, lo que permite a usuarios HVM locales provocar una denegaci\u00f3n de servicio (cierre del host) a trav\u00e9s de vectores sin especificar, relacionados con \"ejecuci\u00f3n de instrucci\u00f3n VMX en invitado\"."
    }
  ],
  "id": "CVE-2013-4551",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 5.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-18T02:55:08.047",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55398"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/11/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/63625"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1029313"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88649"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/11/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/63625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88649"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.