[XSA-40] Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
Severity: Medium
Affected Packages: 1
CVEs: 1
ISSUE DESCRIPTION
xen_failsafe_callback incorrectly sets up its stack if an iret fault is
injected by the hypervisor.
IMPACT
Malicious or buggy unprivileged userspace can cause the guest kernel to
crash, or operate erroneously.
VULNERABLE SYSTEMS
All 32bit PVOPS versions of Linux are affected, since the introduction
of Xen PVOPS support in 2.6.23. Classic-Xen kernels are not vulnerable.
Package | Affected Version |
---|---|
pkg:generic/xen |
- ID: XSA-40
- Severity: medium
- Severity from: CVE-2013-0190
- URL: http://xenbits.xen.org/xsa/advisory-40.html
- Published: 2013-01-16T14:50:00 (11 years ago)
- Modified: 2013-01-16T14:50:00 (11 years ago)
- Rights: Xen Project
- Other Advisories:
- ALAS-2013-154
- ELSA-2013-0496
- ELSA-2013-2503
- ELSA-2013-2504
- FEDORA-2013-0952
- FEDORA-2013-1025
- FEDORA-2013-10695
- FEDORA-2013-12530
- FEDORA-2013-12990
- FEDORA-2013-13536
- FEDORA-2013-15151
- FEDORA-2013-16336
- FEDORA-2013-17010
- FEDORA-2013-17942
- FEDORA-2013-18364
- FEDORA-2013-18822
- FEDORA-2013-1961
- FEDORA-2013-20748
- FEDORA-2013-21822
- FEDORA-2013-22695
- FEDORA-2013-2597
- FEDORA-2013-2635
- FEDORA-2013-2728
- FEDORA-2013-3086
- FEDORA-2013-3106
- FEDORA-2013-3223
- FEDORA-2013-3630
- FEDORA-2013-3893
- FEDORA-2013-3909
- FEDORA-2013-4012
- FEDORA-2013-4240
- FEDORA-2013-4357
- FEDORA-2013-5368
- FEDORA-2013-6041
- FEDORA-2013-6537
- FEDORA-2013-6999
- FEDORA-2013-9123
- RHSA-2013:0496
- USN-1719-1
- USN-1720-1
- USN-1725-1
- USN-1728-1
- USN-1767-1
- USN-1768-1
- USN-1769-1
- USN-1774-1
Source | ID | Name | URL |
---|---|---|---|
Xen Project | XSA-40 | Security Advisory | http://xenbits.xen.org/xsa/advisory-40.html |
Xen Project | XSA-40 | Signed Security Advisory | http://xenbits.xen.org/xsa/advisory-40.txt |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:generic/xen | xen |