PT-2014-4284 · Xen+1 · Xen+1
Andrew Cooper +1 · Published 2014-01-26 · Updated 2018-01-03 · CVE-2014-1666
CVSS v2.0: 8.3 (High)
| Vector | AV:A/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Xen versions 4.1.5 through 4.1.6.1
Xen versions 4.2.2 through 4.2.3
Xen version 4.3.x
Description
The issue concerns the do_physdev_op function, which does not properly restrict access to the PHYSDEVOP_prepare_msix and PHYSDEVOP_release_msix operations. This allows local PV guests to cause a denial of service or possibly gain privileges via unspecified vectors.
Recommendations
For Xen versions 4.1.5 through 4.1.6.1, consider restricting access to the PHYSDEVOP_prepare_msix and PHYSDEVOP_release_msix operations until a patch is available.
For Xen versions 4.2.2 through 4.2.3, restrict access to the PHYSDEVOP_prepare_msix and PHYSDEVOP_release_msix operations to minimize the risk of exploitation.
For Xen version 4.3.x, avoid using the do_physdev_op function until the issue is resolved.
Fix
DoS
Weakness Enumeration
Related identifiers
Affected products
Suse
Xen