Back to search
CVE-2013-1442
Published: Sep 30, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20130925 Xen Security Advisory 62 (CVE-2013-1442) - Information leak on AVX and/or LWP capable CPUs
mailing-list
x_refsource_MLIST
1029090
vdb-entry
x_refsource_SECTRACK
GLSA-201407-03
vendor-advisory
x_refsource_GENTOO
SUSE-SU-2014:0446
vendor-advisory
x_refsource_SUSE
DSA-3006
vendor-advisory
x_refsource_DEBIAN
openSUSE-SU-2013:1636
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now