CVE-2013-2212

The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range.

Published: Aug 28, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-2212
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.7
AV:A/AC:M/Au:N/C:N/I:N/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
xen / xen	4.1.5	4.1.5.x
xen / xen	4.2.2	4.2.2.x
xen / xen	3.4.0	3.4.0.x
xen / xen	4.3.0	4.3.0.x
xen / xen	4.0.4	4.0.4.x
xen / xen	4.0.2	4.0.2.x
xen / xen	3.3.2	3.3.2.x
xen / xen	4.1.2	4.1.2.x
xen / xen	3.4.4	3.4.4.x
xen / xen	4.0.0	4.0.0.x
xen / xen	4.1.1	4.1.1.x
xen / xen	4.2.0	4.2.0.x
xen / xen	4.1.0	4.1.0.x
xen / xen	3.4.3	3.4.3.x
xen / xen	4.1.3	4.1.3.x
xen / xen	3.3.1	3.3.1.x
xen / xen	3.4.2	3.4.2.x
xen / xen	4.1.4	4.1.4.x
xen / xen	3.4.1	3.4.1.x
xen / xen	3.3.0	3.3.0.x
xen / xen	4.2.1	4.2.1.x
xen / xen	4.0.1	4.0.1.x
xen / xen	4.0.3	4.0.3.x

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
http://www.openwall.com/lists/oss-security/2013/07/24/6
https://security.gentoo.org/glsa/201504-04

Vulnerability Database

289,697

CVE-2013-2212