Vulnerability-Lookup

CVE-2013-0153 (GCVE-0-2013-0153)

Vulnerability from cvelistv5 – Published: 2013-02-14 22:00 – Updated: 2024-08-06 14:18

Summary

The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/55082	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2013-0…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/51881	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-201309-24.xml	vendor-advisoryx_refsource_GENTOO
	http://www.debian.org/security/2013/dsa-2636	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-updates/2013-0…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2013/02/05/7	mailing-listx_refsource_MLIST
	http://osvdb.org/89867	vdb-entryx_refsource_OSVDB
	http://rhn.redhat.com/errata/RHSA-2013-0847.html	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-updates/2013-0…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/57745	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "xen-amdiommu-dos(81831)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81831"
          },
          {
            "name": "55082",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55082"
          },
          {
            "name": "openSUSE-SU-2013:0637",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
          },
          {
            "name": "51881",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51881"
          },
          {
            "name": "GLSA-201309-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
          },
          {
            "name": "DSA-2636",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2636"
          },
          {
            "name": "openSUSE-SU-2013:0912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html"
          },
          {
            "name": "[oss-security] 20130205 Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/02/05/7"
          },
          {
            "name": "89867",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/89867"
          },
          {
            "name": "RHSA-2013:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0847.html"
          },
          {
            "name": "openSUSE-SU-2013:0636",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
          },
          {
            "name": "SUSE-SU-2014:0446",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
          },
          {
            "name": "57745",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57745"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "xen-amdiommu-dos(81831)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81831"
        },
        {
          "name": "55082",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55082"
        },
        {
          "name": "openSUSE-SU-2013:0637",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
        },
        {
          "name": "51881",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51881"
        },
        {
          "name": "GLSA-201309-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
        },
        {
          "name": "DSA-2636",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2636"
        },
        {
          "name": "openSUSE-SU-2013:0912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html"
        },
        {
          "name": "[oss-security] 20130205 Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/02/05/7"
        },
        {
          "name": "89867",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/89867"
        },
        {
          "name": "RHSA-2013:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0847.html"
        },
        {
          "name": "openSUSE-SU-2013:0636",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
        },
        {
          "name": "SUSE-SU-2014:0446",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
        },
        {
          "name": "57745",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57745"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0153",
    "datePublished": "2013-02-14T22:00:00.000Z",
    "dateReserved": "2012-12-06T00:00:00.000Z",
    "dateUpdated": "2024-08-06T14:18:09.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2013-AVI-158

Vulnerability from certfr_avis - Published: 2013-02-28 - Updated: 2013-02-28

De multiples vulnérabilités ont été corrigées dans Citrix XenServer. Elles permettent à un attaquant de provoquer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Citrix XenServer versions 6.1 et antérieures

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX136540 du 26 février 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCitrix XenServer versions 6.1 et ant\u00e9rieures\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0217"
    },
    {
      "name": "CVE-2013-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0231"
    },
    {
      "name": "CVE-2013-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0216"
    },
    {
      "name": "CVE-2013-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0215"
    },
    {
      "name": "CVE-2013-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0153"
    }
  ],
  "initial_release_date": "2013-02-28T00:00:00",
  "last_revision_date": "2013-02-28T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-158",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-02-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCitrix XenServer\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix XenServer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX136540 du 26 f\u00e9vrier 2013",
      "url": "http://support.citrix.com/article/CTX136540"
    }
  ]
}

CERTA-2013-AVI-098

Vulnerability from certfr_avis - Published: 2013-02-06 - Updated: 2013-02-06

De multiples vulnérabilités ont été corrigées dans Xen. Elles permettent à un attaquant de provoquer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	XEN	Xen	Xen branche 4.1.x
	XEN	Xen	Xen branche 4.2.x

References

Title

Publication Time

Tags

Bulletin de sécurité Xen du 04 février 2013	None	vendor-advisory
Bulletin de sécurité Xen 43 du 05 février 2013	-	other
Bulletin de sécurité Xen 38 du 05 février 2013	-	other
Bulletin de sécurité Xen 39 du 05 février 2013	-	other
Bulletin de sécurité Xen 37 du 04 février 2013	-	other
Bulletin de sécurité Xen 36 du 05 février 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Xen branche 4.1.x",
      "product": {
        "name": "Xen",
        "vendor": {
          "name": "XEN",
          "scada": false
        }
      }
    },
    {
      "description": "Xen branche 4.2.x",
      "product": {
        "name": "Xen",
        "vendor": {
          "name": "XEN",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0217"
    },
    {
      "name": "CVE-2013-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0231"
    },
    {
      "name": "CVE-2013-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0216"
    },
    {
      "name": "CVE-2013-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0215"
    },
    {
      "name": "CVE-2013-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0154"
    },
    {
      "name": "CVE-2013-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0153"
    }
  ],
  "initial_release_date": "2013-02-06T00:00:00",
  "last_revision_date": "2013-02-06T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 43 du 05 f\u00e9vrier 2013",
      "url": "http://lists.xen.org/archives/html/xen-announce/2013-02/msg00003.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 38 du 05 f\u00e9vrier 2013",
      "url": "http://lists.xen.org/archives/html/xen-announce/2013-02/msg00000.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 39 du 05 f\u00e9vrier 2013",
      "url": "http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 37 du 04 f\u00e9vrier 2013",
      "url": "http://lists.xen.org/archives/html/xen-announce/2013-01/msg00000.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 36 du 05 f\u00e9vrier 2013",
      "url": "http://lists.xen.org/archives/html/xen-announce/2013-02/msg00002.html"
    }
  ],
  "reference": "CERTA-2013-AVI-098",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-02-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eXen\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen du 04 f\u00e9vrier 2013",
      "url": null
    }
  ]
}

GSD-2013-0153

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-0153

Aliases

CVE-2013-0153

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-0153",
    "description": "The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.",
    "id": "GSD-2013-0153",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-0153.html",
      "https://www.debian.org/security/2013/dsa-2636",
      "https://access.redhat.com/errata/RHSA-2013:0847",
      "https://linux.oracle.com/cve/CVE-2013-0153.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-0153"
      ],
      "details": "The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.",
      "id": "GSD-2013-0153",
      "modified": "2023-12-13T01:22:14.754272Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-0153",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/55082",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/55082"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-201309-24.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
          },
          {
            "name": "http://www.debian.org/security/2013/dsa-2636",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2013/dsa-2636"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html"
          },
          {
            "name": "http://osvdb.org/89867",
            "refsource": "MISC",
            "url": "http://osvdb.org/89867"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2013-0847.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0847.html"
          },
          {
            "name": "http://secunia.com/advisories/51881",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/51881"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/02/05/7",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/02/05/7"
          },
          {
            "name": "http://www.securityfocus.com/bid/57745",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/57745"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81831",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81831"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0153"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "57745",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/57745"
            },
            {
              "name": "[oss-security] 20130205 Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/02/05/7"
            },
            {
              "name": "51881",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/51881"
            },
            {
              "name": "89867",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/89867"
            },
            {
              "name": "DSA-2636",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2013/dsa-2636"
            },
            {
              "name": "openSUSE-SU-2013:0637",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
            },
            {
              "name": "openSUSE-SU-2013:0636",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
            },
            {
              "name": "RHSA-2013:0847",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0847.html"
            },
            {
              "name": "openSUSE-SU-2013:0912",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html"
            },
            {
              "name": "55082",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/55082"
            },
            {
              "name": "GLSA-201309-24",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
            },
            {
              "name": "SUSE-SU-2014:0446",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
            },
            {
              "name": "xen-amdiommu-dos(81831)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81831"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.7,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:32Z",
      "publishedDate": "2013-02-14T22:55Z"
    }
  }
}

FKIE_CVE-2013-0153

Vulnerability from fkie_nvd - Published: 2013-02-14 22:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html
secalert@redhat.com	http://osvdb.org/89867
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-0847.html
secalert@redhat.com	http://secunia.com/advisories/51881	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/55082
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201309-24.xml
secalert@redhat.com	http://www.debian.org/security/2013/dsa-2636
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/02/05/7
secalert@redhat.com	http://www.securityfocus.com/bid/57745
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/81831
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/89867
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0847.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51881	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/55082
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201309-24.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2636
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/02/05/7
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/57745
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/81831

Impacted products

Vendor	Product	Version
xen	xen	4.2.0
xen	xen	4.2.1
xen	xen	4.1.0
xen	xen	4.1.1
xen	xen	4.1.2
xen	xen	4.1.3
xen	xen	4.1.4
xen	xen	3.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D532B60-C8DD-4A2F-9D05-E574D23EB754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D83CA8B-8E49-45FA-8FAB-C15052474542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27537DF5-7E0F-463F-BA87-46E329EE07AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EA4F978-9145-4FE6-B4F9-15207E52C40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A995FD-9B7F-4DF0-BECF-4B086E470F1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB157D09-B91B-486A-A9F7-C9BA75AE8823",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests."
    },
    {
      "lang": "es",
      "value": "El soporte de Xen para AMD IOMMU en v4.2.x, v4.1.x, v3.3, and otras versiones, cuando usa AMD-Vi para el paso por el PCI, usa la misma tabla para el trazado de interrupciones por el host y los anfitriones, lo que permite a los invitados causar una denegaci\u00f3n de servicio por medio de la inyecci\u00f3n de una interrupci\u00f3n en los otros invitados."
    }
  ],
  "id": "CVE-2013-0153",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-14T22:55:02.653",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/89867"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0847.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51881"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/55082"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2636"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/05/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/57745"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/89867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0847.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/05/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/57745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81831"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VPJV-XVJR-PG3C

Vulnerability from github – Published: 2022-05-05 02:48 – Updated: 2022-05-05 02:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-0153"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-02-14T22:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.",
  "id": "GHSA-vpjv-xvjr-pg3c",
  "modified": "2022-05-05T02:48:29Z",
  "published": "2022-05-05T02:48:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0153"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81831"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/89867"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0847.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51881"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/55082"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2013/dsa-2636"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/05/7"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/57745"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-0153 (GCVE-0-2013-0153)

CERTA-2013-AVI-158

Solution

CERTA-2013-AVI-098

Solution

GSD-2013-0153

FKIE_CVE-2013-0153

GHSA-VPJV-XVJR-PG3C

Tags

Sightings

Nomenclature