admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2013/CVE-2013-20xx/CVE-2013-2076.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

176 lines
6.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2013-2076",
"sourceIdentifier": "secalert@redhat.com",
"published": "2013-08-28T21:55:08.347",
"lastModified": "2023-02-13T00:28:23.807",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels."
},
{
"lang": "es",
"value": "Xen v4.0.x, v4.1.x, y v4.2.x, cuando se ejecuta en procesadores AMD64, s\u00f3lo guarda/restaura los registros FOP, FIP, y FDP x87 en FXSAVE/FXRSTOR cuando una excepci\u00f3n se encuentra pendiente, lo que permite un dominio para determinar las porciones del estado de las instrucciones de punto flotante de otros dominios, por lo que pueden ser aprovechados para obtener informaci\u00f3n confidencial, como claves criptogr\u00e1ficas, una vulnerabilidad similar a CVE-2006-1056. NOTA: este es el comportamiento documentado de procesadores AMD64, pero no es consistente con procesadores Intel de modo relevante para la seguridad que no ha sido resuelto por los kernel."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:N/A:N",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "HIGH",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 2.5,
"impactScore": 6.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "550223A9-B9F1-440A-8C25-9F0F76AF7301"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC734D58-96E5-4DD2-8781-F8E0ADB96462"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62CEC1BF-1922-410D-BCBA-C58199F574C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "923F2C2B-4A65-4823-B511-D0FEB7C7FAB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D532B60-C8DD-4A2F-9D05-E574D23EB754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D83CA8B-8E49-45FA-8FAB-C15052474542"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27537DF5-7E0F-463F-BA87-46E329EE07AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA4F978-9145-4FE6-B4F9-15207E52C40A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22A995FD-9B7F-4DF0-BECF-4B086E470F1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "219597E2-E2D7-4647-8A7C-688B96300158"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html",
"source": "secalert@redhat.com"
},
{
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml",
"source": "secalert@redhat.com"
},
{
"url": "http://www.debian.org/security/2014/dsa-3006",
"source": "secalert@redhat.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/06/03/1",
"source": "secalert@redhat.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink