CVE-2013-2076

28.08.2013, 21:55

Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056.  NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	4.3 UNKNOWN	ADJACENT_NETWORK	HIGH	AV:A/AC:H/Au:S/C:C/I:N/A:N
redhat	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Vendor	Product	Version
xen	xen	4.0.0
xen	xen	4.0.1
xen	xen	4.0.2
xen	xen	4.0.3
xen	xen	4.0.4
xen	xen	4.2.0
xen	xen	4.2.1
xen	xen	4.2.2
xen	xen	4.1.0
xen	xen	4.1.1
xen	xen	4.1.2
xen	xen	4.1.3
xen	xen	4.1.4
xen	xen	4.1.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xen

bullseye	4.14.6-1 fixed
bullseye (security)	4.14.5+94-ge49571868d-1 fixed
bookworm	4.17.3+10-g091466ba55-1~deb12u1 fixed
sid	4.17.3+36-g54dacb5c02-1 fixed
trixie	4.17.3+36-g54dacb5c02-1 fixed