{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "55082", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55082"}, {"name": "FEDORA-2013-7432", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html"}, {"name": "GLSA-201309-24", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"}, {"name": "DSA-2666", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2666"}, {"name": "59617", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/59617"}, {"name": "53312", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53312"}, {"name": "SUSE-SU-2014:0446", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"}, {"name": "xen-cve20131952-dos(83968)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83968"}, {"name": "92984", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/92984"}, {"name": "[oss-security] 20130502 Xen Security Advisory 49 (CVE-2013-1952) - VT-d interrupt remapping source validation flaw for bridges", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/05/02/9"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.339Z"}, "title": "CVE Program Container", "references": [{"name": "55082", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55082"}, {"name": "FEDORA-2013-7432", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html"}, {"name": "GLSA-201309-24", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"}, {"name": "DSA-2666", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2666"}, {"name": "59617", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/59617"}, {"name": "53312", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/53312"}, {"name": "SUSE-SU-2014:0446", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"}, {"name": "xen-cve20131952-dos(83968)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83968"}, {"name": "92984", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/92984"}, {"name": "[oss-security] 20130502 Xen Security Advisory 49 (CVE-2013-1952) - VT-d interrupt remapping source validation flaw for bridges", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/05/02/9"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1952", "datePublished": "2013-05-13T23:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.339Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "550223A9-B9F1-440A-8C25-9F0F76AF7301", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC734D58-96E5-4DD2-8781-F8E0ADB96462", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "62CEC1BF-1922-410D-BCBA-C58199F574C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "923F2C2B-4A65-4823-B511-D0FEB7C7FAB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D532B60-C8DD-4A2F-9D05-E574D23EB754", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D83CA8B-8E49-45FA-8FAB-C15052474542", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "27537DF5-7E0F-463F-BA87-46E329EE07AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EA4F978-9145-4FE6-B4F9-15207E52C40A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "22A995FD-9B7F-4DF0-BECF-4B086E470F1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors."}, {"lang": "es", "value": "Xen 4.x, cuando utiliza Intel VT-d para un bus capaz de dominar un dispositivo PCI, no comprueba correctamente la fuente de acceso a una interrupci\u00f3n de entradas en la tabla de resignaci\u00f3n para MSI de dispositivo puente, lo que permite que los dominios locales de clientes puedan causar una denegaci\u00f3n de servicio (inyecci\u00f3n de interrupci\u00f3n) a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-1952", "lastModified": "2017-08-29T01:33:12.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-05-13T23:55:02.000", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/92984"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/53312"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55082"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2666"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/05/02/9"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/59617"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83968"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Xen project for reporting this issue.", "bugzilla": {"description": "kernel: xen: VT-d interrupt remapping source validation flaw for bridges", "id": "956309", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956309"}, "csaw": false, "cvss": {"cvss_base_score": "5.2", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C", "status": "draft"}, "details": ["Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors."], "name": "CVE-2013-1952", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel-xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2013-05-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1952\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1952"], "statement": "Not vulnerable.\nThis issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5.\nThis issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor.", "threat_severity": "Moderate"}