[XSA-40] Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.

Severity: Medium
Affected Packages: 1
CVEs: 1

ISSUE DESCRIPTION

xen_failsafe_callback incorrectly sets up its stack if an iret fault is
injected by the hypervisor.

IMPACT

Malicious or buggy unprivileged userspace can cause the guest kernel to
crash, or operate erroneously.

VULNERABLE SYSTEMS

All 32bit PVOPS versions of Linux are affected, since the introduction
of Xen PVOPS support in 2.6.23. Classic-Xen kernels are not vulnerable.

Package          Affected Version
pkg:generic/xen

Source       ID      Name                      URL
Xen Project  XSA-40  Security Advisory         http://xenbits.xen.org/xsa/advisory-40.html
Xen Project  XSA-40  Signed Security Advisory  http://xenbits.xen.org/xsa/advisory-40.txt

Type      Package URL      Name / Product
Affected  pkg:generic/xen  xen