Multiple vulnerabilities in Xen



Published: 2014-03-28 | Updated: 2020-08-10
Risk Medium
Patch available NO
Number of vulnerabilities 14
CVE-ID CVE-2014-5147
CVE-2014-4022
CVE-2014-4021
CVE-2014-3969
CVE-2014-3714
CVE-2014-3715
CVE-2014-3716
CVE-2014-3717
CVE-2014-3124
CVE-2014-3125
CVE-2014-2986
CVE-2014-2915
CVE-2014-1896
CVE-2014-2599
CWE-ID CWE-264
CWE-200
CWE-119
CWE-20
CWE-476
Exploitation vector Network
Public exploit N/A
Vulnerable software
Xen
Server applications / Virtualization software

Vendor Xen Project

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU41361

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:A/AC:H/PR:/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-5147

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0

External links

http://www.securitytracker.com/id/1030724
http://xenbits.xen.org/xsa/advisory-102.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU41491

Risk: Low

CVSSv3.1: 1.3 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-4022

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0

External links

http://secunia.com/advisories/59523
http://www.securityfocus.com/bid/68184
http://www.securitytracker.com/id/1030471
http://xenbits.xen.org/xsa/advisory-101.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU41543

Risk: Low

CVSSv3.1: 1.3 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-4021

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 3.2.0 - 4.4.0

External links

http://linux.oracle.com/errata/ELSA-2014-0926.html
http://linux.oracle.com/errata/ELSA-2014-0926-1.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
http://secunia.com/advisories/59208
http://secunia.com/advisories/60027
http://secunia.com/advisories/60130
http://secunia.com/advisories/60471
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://support.citrix.com/article/CTX140984
http://www.debian.org/security/2014/dsa-3006
http://www.securityfocus.com/bid/68070
http://www.securitytracker.com/id/1030442
http://xenbits.xen.org/xsa/advisory-100.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU41575

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3969

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0

External links

http://secunia.com/advisories/58975
http://www.openwall.com/lists/oss-security/2014/06/04/14
http://www.securityfocus.com/bid/67819
http://www.securitytracker.com/id/1030333
http://xenbits.xen.org/xsa/advisory-98.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU41658

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3714

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information or perform a denial of service (DoS) attack.

The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0

External links

http://www.openwall.com/lists/oss-security/2014/05/14/4
http://www.openwall.com/lists/oss-security/2014/05/15/6
http://www.openwall.com/lists/oss-security/2014/05/16/1
http://www.securitytracker.com/id/1030252
http://xenbits.xen.org/xsa/advisory-95.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU41659

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3715

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information or perform a denial of service (DoS) attack.

Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0

External links

http://www.openwall.com/lists/oss-security/2014/05/14/4
http://www.openwall.com/lists/oss-security/2014/05/15/6
http://www.openwall.com/lists/oss-security/2014/05/16/1
http://www.securitytracker.com/id/1030252
http://xenbits.xen.org/xsa/advisory-95.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU41660

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3716

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0

External links

http://www.openwall.com/lists/oss-security/2014/05/14/4
http://www.openwall.com/lists/oss-security/2014/05/15/6
http://www.openwall.com/lists/oss-security/2014/05/16/1
http://www.securitytracker.com/id/1030252
http://xenbits.xen.org/xsa/advisory-95.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU41661

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3717

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information or perform a denial of service (DoS) attack.

Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0

External links

http://www.openwall.com/lists/oss-security/2014/05/14/4
http://www.openwall.com/lists/oss-security/2014/05/15/6
http://www.openwall.com/lists/oss-security/2014/05/16/1
http://www.securitytracker.com/id/1030252
http://xenbits.xen.org/xsa/advisory-95.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU41716

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3124

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack or execute arbitrary code.

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.1.0 - 4.4.0

External links

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133191.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://www.debian.org/security/2014/dsa-3006
http://www.openwall.com/lists/oss-security/2014/04/29/1
http://www.openwall.com/lists/oss-security/2014/04/30/10
http://www.securityfocus.com/bid/67113
http://www.securitytracker.com/id/1030160
http://xenbits.xen.org/xsa/advisory-92.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU41729

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3125

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to damage or delete data.

Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0

External links

http://secunia.com/advisories/58347
http://www.openwall.com/lists/oss-security/2014/04/30/11
http://www.openwall.com/lists/oss-security/2014/04/30/5
http://www.securityfocus.com/bid/67157
http://www.securitytracker.com/id/1030184
http://xenbits.xen.org/xsa/advisory-91.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU41748

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2014-2986

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via unspecified vectors.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Xen: 4.4.0

External links

http://www.openwall.com/lists/oss-security/2014/04/23/3
http://www.openwall.com/lists/oss-security/2014/04/23/4
http://www.openwall.com/lists/oss-security/2014/04/23/5
http://www.securityfocus.com/bid/67047
http://www.securitytracker.com/id/1030146
http://xenbits.xen.org/xsa/advisory-94.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU41754

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-2915

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0

External links

http://www.openwall.com/lists/oss-security/2014/04/22/10
http://www.openwall.com/lists/oss-security/2014/04/23/2
http://www.securitytracker.com/id/1030135
http://xenbits.xen.org/xsa/advisory-93.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU41862

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-1896

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and the 4.4-RC series allow local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which trigger a "read or write past the end of the ring."

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.2.0 - 4.4.0

External links

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://www.openwall.com/lists/oss-security/2014/02/07/12
http://www.openwall.com/lists/oss-security/2014/02/10/7
http://xenbits.xen.org/xsa/advisory-86.html
http://xenbits.xen.org/xsa/xsa86.patch


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU41882

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-2599

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.1.0 - 4.4.0

External links

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://www.debian.org/security/2014/dsa-3006
http://www.openwall.com/lists/oss-security/2014/03/25/1
http://www.openwall.com/lists/oss-security/2014/03/25/2
http://www.securityfocus.com/bid/66407
http://www.securitytracker.com/id/1029956
http://xenbits.xen.org/xsa/advisory-89.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
