PT-2014-5102 · Xen+1 · Xen+1

Chen Baozi

Published

2014-05-02

Updated

2018-10-30

CVE-2014-3125

CVSS v2.0

6.2

Medium

Vector

AV:A/AC:L/Au:S/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions Xen versions 4.4.x

Description The issue is related to the improper context switching of the CNTKCTL EL1 register when Xen is running on an ARM system. This allows local guest users to modify the hardware timers, which can cause a denial of service (crash) via unspecified vectors.

Recommendations For Xen version 4.4.x, consider applying a patch or fix that properly handles the context switching of the CNTKCTL EL1 register to prevent local guest users from modifying the hardware timers and causing a denial of service.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2014-1616

CVE-2014-3125

Affected Products

Alt Linux

Xen

PT-2014-5102 · Xen+1 · Xen+1

CVE-2014-3125

Weakness Enumeration

Related Identifiers

Affected Products

References · 14