PT-2014-4284 · Xen+1
Andrew Cooper +1 · Published 2014-01-26 · Updated 2018-01-03 · CVE-2014-1666
CVSS v2.0: 8.3 (High)
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Xen versions 4.1.5 through 4.1.6.1
Xen versions 4.2.2 through 4.2.3
Xen version 4.3.x
Description
The issue concerns the do_physdev_op function, which does not properly restrict access to the PHYSDEVOP_prepare_msix and PHYSDEVOP_release_msix operations. This allows local PV guests to cause a denial of service or possibly gain privileges via unspecified vectors.
Recommendations
For Xen versions 4.1.5 through 4.1.6.1, consider restricting access to the PHYSDEVOP_prepare_msix and PHYSDEVOP_release_msix operations until a patch is available.
For Xen versions 4.2.2 through 4.2.3, restrict access to the PHYSDEVOP_prepare_msix and PHYSDEVOP_release_msix operations to minimize the risk of exploitation.
For Xen version 4.3.x, avoid using the do_physdev_op function until the issue is resolved.
Fix
DoS
Affected Products
Suse
Xen