CVE-2014-1895

Name of the Vulnerable Software and Affected Versions Xen versions 4.2.x through 4.3.x

Description The issue is caused by an off-by-one error in the flask security avc cachestats function. This error can be triggered by a FLASK AVC CACHESTAT hypercall when the maximum number of physical CPUs are in use, allowing local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory due to a buffer over-read.

Recommendations For Xen versions 4.2.x through 4.3.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.