Information disclosure in Xen - CVE-2013-2076
Published: August 29, 2013 / Updated: July 28, 2020
Vulnerability identifier: #VU32661
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2013-2076
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows a remote #AU# to gain access to sensitive information.
Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
How to mitigate CVE-2013-2076
Install update from vendor's website.