← Voltar para CVEs
CVE-2013-1442
N/ADescricao
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado9/30/2013
Ultima modificacao4/11/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
xen:xen
Fraquezas (CWE)
CWE-200
Referencias
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html(security@debian.org)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html(security@debian.org)
http://security.gentoo.org/glsa/glsa-201407-03.xml(security@debian.org)
http://www.debian.org/security/2014/dsa-3006(security@debian.org)
http://www.openwall.com/lists/oss-security/2013/09/25/2(security@debian.org)
http://www.securitytracker.com/id/1029090(security@debian.org)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html(af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201407-03.xml(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2014/dsa-3006(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2013/09/25/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1029090(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.