CVE-2013-4551

NameCVE-2013-4551
DescriptionXen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)stretch (security), stretch4.8.5.final+shim4.10.4-1+deb9u12fixed
buster4.11.4+57-g41a822c392-2fixed
buster (security)4.11.4+99-g8bce4698f6-1fixed
bullseye, sid4.14.1+11-gb0b734a8b3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensourcesqueeze(not affected)
xensourcewheezy(not affected)
xensource(unstable)4.4.0-1

Notes

[wheezy] - xen <not-affected> (Only affects 4.2.x and later)
[squeeze] - xen <not-affected> (Only affects 4.2.x and later)

Search for package or bug name: Reporting problems