CVE-2013-1442
Xen 4.0-4.3.x - Information Disclosure via XSAVE/XRSTOR Register Handling
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.
References (6)
Core References
- Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/09/25/2
- Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1029090
- Third Party Advisory (vendor-advisory, x_refsource_gentoo): http://security.gentoo.org/glsa/glsa-201407-03.xml
- Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2014/dsa-3006
- Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html
Scores
EPSS: 0.0011
EPSS Percentile: 28.9%
Details
CWE: CWE-200
Status: published
Products (16)
- xen/xen 4.0.0
- xen/xen 4.0.1
- xen/xen 4.0.2
- xen/xen 4.0.3
- xen/xen 4.0.4
- xen/xen 4.1.0
- xen/xen 4.1.1
- xen/xen 4.1.2
- xen/xen 4.1.3
- xen/xen 4.1.4
... and 6 more
Published: Sep 30, 2013
Tracked Since: Feb 18, 2026