CVE-2013-4551

NameCVE-2013-4551
DescriptionXen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)wheezy4.1.4-3+deb7u9fixed
wheezy (security)4.1.6.lts1-11fixed
jessie (security), jessie4.4.1-9+deb8u10fixed
buster, sid, stretch (security), stretch4.8.2+xsa245-0+deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensource(unstable)4.4.0-1medium
xensourcesqueeze(not affected)
xensourcewheezy(not affected)

Notes

[wheezy] - xen <not-affected> (Only affects 4.2.x and later)
[squeeze] - xen <not-affected> (Only affects 4.2.x and later)

Search for package or bug name: Reporting problems