Home > Vulnerability Database > CVE-2013-1442

Mend.io Vulnerability Database

CVE-2013-1442

Date: September 30, 2013

Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.

Language: C

Severity Score

2.6

Related Resources (8)

Url: http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

Url: http://www.securitytracker.com/id/1029090

Url: http://security.gentoo.org/glsa/glsa-201407-03.xml

Url: http://www.openwall.com/lists/oss-security/2013/09/25/2

Url: http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-1442

Url: http://www.debian.org/security/2014/dsa-3006

Url: https://www.mend.io/vulnerability-database/CVE-2013-1442

Severity Score

2.6

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	2.6
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	1.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-1442

Date: September 30, 2013

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?