Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.7
CVE Id: CVE-2014-3124
Last Modified: 11 Dec 2014 10:01:34
Published: 07 May 2014 06:55:07
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: COMPLETE
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2014-3124

Summary

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.

Vulnerable Systems

Operating System

  • Xen 4.1.0
  • Xen 4.1.1
  • Xen 4.1.2
  • Xen 4.1.3
  • Xen 4.1.4
  • Xen 4.1.5
  • Xen 4.1.6.1
  • Xen 4.2.0
  • Xen 4.2.1
  • Xen 4.2.2
  • Xen 4.2.3
  • Xen 4.3.0
  • Xen 4.3.1
  • Xen 4.4.0


References

CONFIRM - http://xenbits.xen.org/xsa/advisory-92.html

SECTRACK - 1030160

BID - 67113

MLIST - [oss-security] 20140430 Re: Xen Security Advisory 92 - HVMOP_set_mem_type allows invalid P2M entries to be created

MLIST - [oss-security] 20140429 Xen Security Advisory 92 - HVMOP_set_mem_type allows invalid P2M entries to be created

FEDORA - FEDORA-2014-5941

FEDORA - FEDORA-2014-5915

SUSE - openSUSE-SU-2014:1281

DEBIAN - DSA-3006


Last Updated: 27 May 2016 11:05:34