CVE-2013-0151 - Vulnerability Details - OpenCVE

The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00127.

Key SSVC decision points have not yet been added.

Vendors	Products
Xen	Xen

Configuration 1 [-]

OR	cpe:2.3:o:xen:xen:4.2.0:-:::::x86:*
	cpe:2.3:o:xen:xen:4.2.1:-:::::x86:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2013-0194	The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://openwall.com/lists/oss-security/2013/01/22/10
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://xenbits.xen.org/gitweb/?p=xen.git%3Ba=commit%3Bh=d60d7082289a74e44b3dc8f67df46c3404ca08bf
https://nvd.nist.gov/vuln/detail/CVE-2013-0151
https://www.cve.org/CVERecord?id=CVE-2013-0151

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-03-07T02:00:00

Updated: 2024-08-06T14:18:09.452Z

Reserved: 2012-12-06T00:00:00

Link: CVE-2013-0151

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-03-07T05:04:42.060

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-0151

Redhat

Severity : Moderate

Publid Date: 2013-01-22T00:00:00Z

Links: CVE-2013-0151 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-10-11T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "55082", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55082"}, {"name": "GLSA-201309-24", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/gitweb/?p=xen.git%3Ba=commit%3Bh=d60d7082289a74e44b3dc8f67df46c3404ca08bf"}, {"name": "[oss-security] 20130122 Xen Security Advisory 34 (CVE-2013-0151) - nested virtualization on 32-bit exposes host crash", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2013/01/22/10"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:18:09.452Z"}, "title": "CVE Program Container", "references": [{"name": "55082", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55082"}, {"name": "GLSA-201309-24", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/gitweb/?p=xen.git%3Ba=commit%3Bh=d60d7082289a74e44b3dc8f67df46c3404ca08bf"}, {"name": "[oss-security] 20130122 Xen Security Advisory 34 (CVE-2013-0151) - nested virtualization on 32-bit exposes host crash", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2013/01/22/10"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0151", "datePublished": "2013-03-07T02:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.452Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.2.0:-:*:*:*:*:x86:*", "matchCriteriaId": "D66B1908-FEEF-455E-8C26-65139BF59900", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.1:-:*:*:*:*:x86:*", "matchCriteriaId": "21517C88-81CB-448D-98F3-0BAB6EDF08DD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs."}, {"lang": "es", "value": "La funci\u00f3n en xen/arch/x86/hvm/hvm.c en Xen v4.2.x en la plataforma x86_32 no previenen operaciones HVM_PARAM_NESTEDHVM (tambi\u00e9n conocido como virtualizaci\u00f3n anidada) lo que permite a usuarios invitados del SO generar una denegaci\u00f3n de servicio (asignaciones de p\u00e1gina de larga duraci\u00f3n y ca\u00edda del host OS) al aprovechar el acceso administrativo a un hu\u00e9sped HVM en un dominio con un gran n\u00famero de CPU virtuales."}], "id": "CVE-2013-0151", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.2, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-07T05:04:42.060", "references": [{"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2013/01/22/10"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55082"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"}, {"source": "secalert@redhat.com", "url": "http://xenbits.xen.org/gitweb/?p=xen.git%3Ba=commit%3Bh=d60d7082289a74e44b3dc8f67df46c3404ca08bf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2013/01/22/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xenbits.xen.org/gitweb/?p=xen.git%3Ba=commit%3Bh=d60d7082289a74e44b3dc8f67df46c3404ca08bf"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}