Multiple vulnerabilities in Xen
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2014-1891 CVE-2014-1895 CVE-2014-1950 CVE-2014-1642 CVE-2014-1666 CVE-2013-4553 CVE-2013-4554 CVE-2013-6400 CVE-2013-4551 CVE-2013-4416 |
| CWE-ID | CWE-20 CWE-416 CWE-264 CWE-119 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Xen Server applications / Virtualization software |
| Vendor | Xen Project |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU41857
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-1891
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.
MitigationInstall update from vendor's website.
Vulnerable software versionsXen: 3.2.0 - 4.3.1
CPE2.3- cpe:2.3:a:xen_project:xen:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:3.2.2:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.openwall.com/lists/oss-security/2014/02/07/12
https://www.openwall.com/lists/oss-security/2014/02/07/4
https://www.openwall.com/lists/oss-security/2014/02/10/8
https://xenbits.xen.org/xsa/advisory-84.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU41861
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-1895
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to #BASIC_IMPACT#.
Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.
MitigationInstall update from vendor's website.
Vulnerable software versionsXen: 4.2.0 - 4.3.1
CPE2.3- cpe:2.3:a:xen_project:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.2.2:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.openwall.com/lists/oss-security/2014/02/07/12
https://www.openwall.com/lists/oss-security/2014/02/10/6
https://xenbits.xen.org/xsa/advisory-85.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU42038
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-1950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing unspecified vectors. A local users with access to management functions can cause a denial of service (heap corruption) and possibly gain privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsXen: 4.1.1 - 4.3.1
CPE2.3- cpe:2.3:a:xen_project:xen:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.1.3:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
https://www.debian.org/security/2014/dsa-3006
https://www.openwall.com/lists/oss-security/2014/02/12/17
https://xenbits.xen.org/xsa/advisory-88.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU42104
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-1642
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free. A local guest administrators can cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsXen: 4.2.0 - 4.3.1
CPE2.3- cpe:2.3:a:xen_project:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.2.2:*:*:*:*:*:*:*
https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
https://osvdb.org/102406
https://secunia.com/advisories/56557
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.openwall.com/lists/oss-security/2014/01/23/4
https://www.securityfocus.com/bid/65097
https://www.securitytracker.com/id/1029679
https://xenbits.xen.org/xsa/advisory-83.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/90649
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU42105
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2014-1666
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsXen: 4.1.5 - 4.3.1
CPE2.3- cpe:2.3:a:xen_project:xen:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.2.2:*:*:*:*:*:*:*
https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
https://osvdb.org/102536
https://secunia.com/advisories/56650
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://support.citrix.com/article/CTX200288
https://www.openwall.com/lists/oss-security/2014/01/24/6
https://www.securityfocus.com/bid/65125
https://www.securitytracker.com/id/1029684
https://xenbits.xen.org/xsa/advisory-87.html
https://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/90675
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU42207
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-4553
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).
MitigationInstall update from vendor's website.
Vulnerable software versionsXen: 3.4.0 - 4.3.1
CPE2.3- cpe:2.3:a:xen_project:xen:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:3.4.2:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
https://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.debian.org/security/2014/dsa-3006
https://www.openwall.com/lists/oss-security/2013/11/26/8
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU42208
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-4554
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to read and manipulate data.
Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.
MitigationInstall update from vendor's website.
Vulnerable software versionsXen: 3.0.3 - 4.3.1
CPE2.3- cpe:2.3:a:xen_project:xen:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:3.1.3:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
https://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
https://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html
https://rhn.redhat.com/errata/RHSA-2014-0285.html
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.openwall.com/lists/oss-security/2013/11/26/9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU42234
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2013-6400
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsXen: 4.2.0 - 4.3.1
CPE2.3- cpe:2.3:a:xen_project:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.2.2:*:*:*:*:*:*:*
https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125081.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125111.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
https://lists.xen.org/archives/html/xen-announce/2013-12/msg00002.html
https://secunia.com/advisories/55932
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.openwall.com/lists/oss-security/2013/12/10/7
https://www.securitytracker.com/id/1029468
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU42364
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2013-4551
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."
MitigationInstall update from vendor's website.
Vulnerable software versionsXen: 4.2.0 - 4.3.1
CPE2.3- cpe:2.3:a:xen_project:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.2.2:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html
https://secunia.com/advisories/55398
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.openwall.com/lists/oss-security/2013/11/11/1
https://www.securityfocus.com/bid/63625
https://www.securitytracker.com/id/1029313
https://exchange.xforce.ibmcloud.com/vulnerabilities/88649
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU42405
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-4416
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.
MitigationInstall update from vendor's website.
Vulnerable software versionsXen: 4.1.0 - 4.3.1
CPE2.3- cpe:2.3:a:xen_project:xen:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.1.2:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html
https://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html
https://osvdb.org/99072
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.openwall.com/lists/oss-security/2013/10/29/5
https://www.securityfocus.com/bid/63404
https://www.securitytracker.com/id/1029264
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
