CVE-2013-1917
xen - several
EPSS 0.07%
Description
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.
How to fix CVE-2013-1917
To remediate CVE-2013-1917, upgrade the affected package to a fixed version below.
- Debian/xen—upgrade to 4.1.4-3 or later
- Debian/xen—upgrade to 4.0.1-5.10 or later
Is CVE-2013-1917 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.1.4-3
- from 0, < 4.0.1-5.10