PT-2014-4350 · Xen+1 · Xen+1
Matthew Daley
·
Published
2014-04-01
·
Updated
2017-01-07
·
CVE-2014-1895
CVSS v2.0
5.8
Medium
| Vector | AV:A/AC:M/Au:S/C:P/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Xen versions 4.2.x through 4.3.x
Description
The issue is caused by an off-by-one error in the
flask security avc cachestats function. This error can be triggered by a FLASK AVC CACHESTAT hypercall when the maximum number of physical CPUs are in use, allowing local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory due to a buffer over-read.Recommendations
For Xen versions 4.2.x through 4.3.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Suse
Xen