Denial of Service Vulnerability in Xen 4.2.x on x86_32 Platform with Nested Virtualization Support

Denial of Service Vulnerability in Xen 4.2.x on x86_32 Platform with Nested Virtualization Support

CVE-2013-0151 · MEDIUM Severity

AV:A/AC:H/AU:N/C:N/I:N/A:C

The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.

Learn more about our User Device Pen Test.