What is the severity of CVE-2013-4361?

CVE-2013-4361 has a medium severity rating as it allows local HVM guests to access hypervisor stack information.

How do I fix CVE-2013-4361?

To fix CVE-2013-4361, you should upgrade your Xen hypervisor to a version that addresses this vulnerability.

Which versions of Xen are affected by CVE-2013-4361?

CVE-2013-4361 affects Xen versions from 3.3.x through 4.3.x.

Is CVE-2013-4361 an issue for HVM guests?

Yes, CVE-2013-4361 specifically affects local HVM guests in the Xen hypervisor.

What consequences may arise from CVE-2013-4361?

The consequence of CVE-2013-4361 is that an attacker could gain sensitive information from the hypervisor's stack through local exploitation.

Vulnerability/
CVE-2013-4361

low

2.1

CWE

200

1/10/2013

6/8/2024

CVE-2013-4361: Infoleak

First published: Tue Oct 01 2013(Updated: )

The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Xen xen-unstable	=3.3.0
Xen xen-unstable	=3.3.1
Xen xen-unstable	=3.3.2
Xen xen-unstable	=3.4.0
Xen xen-unstable	=3.4.1
Xen xen-unstable	=3.4.2
Xen xen-unstable	=3.4.3
Xen xen-unstable	=3.4.4
Xen xen-unstable	=4.0.0
Xen xen-unstable	=4.0.1
Xen xen-unstable	=4.0.2
Xen xen-unstable	=4.0.3
Xen xen-unstable	=4.0.4
Xen xen-unstable	=4.1.0
Xen xen-unstable	=4.1.1
Xen xen-unstable	=4.1.2
Xen xen-unstable	=4.1.3
Xen xen-unstable	=4.1.4
Xen xen-unstable	=4.1.5
Xen xen-unstable	=4.2.0
Xen xen-unstable	=4.2.1
Xen xen-unstable	=4.2.2
Xen xen-unstable	=4.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-4361?
CVE-2013-4361 has a medium severity rating as it allows local HVM guests to access hypervisor stack information.
How do I fix CVE-2013-4361?
To fix CVE-2013-4361, you should upgrade your Xen hypervisor to a version that addresses this vulnerability.
Which versions of Xen are affected by CVE-2013-4361?
CVE-2013-4361 affects Xen versions from 3.3.x through 4.3.x.
Is CVE-2013-4361 an issue for HVM guests?
Yes, CVE-2013-4361 specifically affects local HVM guests in the Xen hypervisor.
What consequences may arise from CVE-2013-4361?
The consequence of CVE-2013-4361 is that an attacker could gain sensitive information from the hypervisor's stack through local exploitation.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/severity
agent/references
agent/author
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/xen
canonical/xen xen-unstable
version/xen xen-unstable/3.3.0
version/xen xen-unstable/3.3.1
version/xen xen-unstable/3.3.2
version/xen xen-unstable/3.4.0
version/xen xen-unstable/3.4.1
version/xen xen-unstable/3.4.2
version/xen xen-unstable/3.4.3
version/xen xen-unstable/3.4.4
version/xen xen-unstable/4.0.0
version/xen xen-unstable/4.0.1
version/xen xen-unstable/4.0.2
version/xen xen-unstable/4.0.3
version/xen xen-unstable/4.0.4
version/xen xen-unstable/4.1.0
version/xen xen-unstable/4.1.1
version/xen xen-unstable/4.1.2
version/xen xen-unstable/4.1.3
version/xen xen-unstable/4.1.4
version/xen xen-unstable/4.1.5
version/xen xen-unstable/4.2.0
version/xen xen-unstable/4.2.1
version/xen xen-unstable/4.2.2
version/xen xen-unstable/4.3.0