// For flags

CVE-2013-2076

 

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.

Xen v4.0.x, v4.1.x, y v4.2.x, cuando se ejecuta en procesadores AMD64, sólo guarda/restaura los registros FOP, FIP, y FDP x87 en FXSAVE/FXRSTOR cuando una excepción se encuentra pendiente, lo que permite un dominio para determinar las porciones del estado de las instrucciones de punto flotante de otros dominios, por lo que pueden ser aprovechados para obtener información confidencial, como claves criptográficas, una vulnerabilidad similar a CVE-2006-1056. NOTA: este es el comportamiento documentado de procesadores AMD64, pero no es consistente con procesadores Intel de modo relevante para la seguridad que no ha sido resuelto por los kernel.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
High
Authentication
Single
Confidentiality
Complete
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-02-19 CVE Reserved
  • 2013-08-28 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.0.0
Search vendor "Xen" for product "Xen" and version "4.0.0"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.0.1
Search vendor "Xen" for product "Xen" and version "4.0.1"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.0.2
Search vendor "Xen" for product "Xen" and version "4.0.2"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.0.3
Search vendor "Xen" for product "Xen" and version "4.0.3"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.0.4
Search vendor "Xen" for product "Xen" and version "4.0.4"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.2.0
Search vendor "Xen" for product "Xen" and version "4.2.0"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.2.1
Search vendor "Xen" for product "Xen" and version "4.2.1"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.2.2
Search vendor "Xen" for product "Xen" and version "4.2.2"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.1.0
Search vendor "Xen" for product "Xen" and version "4.1.0"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.1.1
Search vendor "Xen" for product "Xen" and version "4.1.1"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.1.2
Search vendor "Xen" for product "Xen" and version "4.1.2"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.1.3
Search vendor "Xen" for product "Xen" and version "4.1.3"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.1.4
Search vendor "Xen" for product "Xen" and version "4.1.4"
-
Affected
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
4.1.5
Search vendor "Xen" for product "Xen" and version "4.1.5"
-
Affected