CVE-2014-9030

Name of the Vulnerable Software and Affected Versions Xen versions 3.2.x through 4.4.x

Description The issue is related to the do mmu update function in arch/x86/mm.c, which does not properly manage page references. This allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU MACHPHYS UPDATE.

Recommendations For Xen versions 3.2.x through 4.4.x, consider restricting access to the do mmu update function until a patch is available. As a temporary workaround, limiting control over HVM guests may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.