Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 483220 - app-emulation/xen: Information Leak (XSA-52) (CVE-2013-2076)
Summary: app-emulation/xen: Information Leak (XSA-52) (CVE-2013-2076)
Status: RESOLVED DUPLICATE of bug 472214
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-09-01 00:16 UTC by GLSAMaker/CVETool Bot
Modified: 2013-09-01 00:48 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2013-09-01 00:16:28 UTC 
CVE-2013-2076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2076):
  Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only
  save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an
  exception is pending, which allows one domain to determine portions of the
  state of floating point instructions of other domains, which can be
  leveraged to obtain sensitive information such as cryptographic keys, a
  similar vulnerability to CVE-2006-1056.  NOTE: this is the documented
  behavior of AMD64 processors, but it is inconsistent with Intel processors
  in a security-relevant fashion that was not addressed by the kernels.
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-01 00:48:35 UTC 

*** This bug has been marked as a duplicate of bug 472214 ***