Candidate: CVE-2013-1442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442
http://www.openwall.com/lists/oss-security/2013/09/25/2
http://lists.xen.org/archives/html/xen-announce/2013-09/msg00005.html
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not
properly clear previous data from registers when using an XSAVE or XRSTOR
to extend the state components of a saved or restored vCPU after touching
other restored extended registers, which allows local guest OSes to obtain
sensitive information by reading the registers.
sarnold> Problem can be mitigated with the "no-xsave" hypervisor command
line option, which should be the default in 12.04 LTS and 12.10.
mdeslaur> This is XSA-62
Discovered-by: Jan Beulich
upstream_xen-3.3: ignored (reached end-of-life)
lucid_xen-3.3: not-affected
upstream: http://lists.xen.org/archives/html/xen-announce/2013-09/bind3QfiYrWBs.bin (4.1)
upstream: http://lists.xen.org/archives/html/xen-announce/2013-09/bini6tc760v1O.bin (4.2, 4.3)
Tags_xen: universe-binary
precise_xen: released (4.1.5-0ubuntu0.12.04.2)
quantal_xen: released (4.1.5-0ubuntu0.12.10.2)
raring_xen: released (4.2.2-0ubuntu0.13.04.2)
saucy_xen: released (4.3.0-1ubuntu1.1)
devel_xen: released (4.3.0-1ubuntu2)