Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 14 |
CVE-ID | CVE-2014-5147 CVE-2014-4022 CVE-2014-4021 CVE-2014-3969 CVE-2014-3714 CVE-2014-3715 CVE-2014-3716 CVE-2014-3717 CVE-2014-3124 CVE-2014-3125 CVE-2014-2986 CVE-2014-2915 CVE-2014-1896 CVE-2014-2599 |
CWE-ID | CWE-264 CWE-200 CWE-119 CWE-20 CWE-476 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Xen Server applications / Virtualization software |
Vendor | Xen Project |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
EUVDB-ID: #VU41361
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-5147
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a remote authenticated privileged user to perform a denial of service (DoS) attack.
Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.4.0
External links:
https://www.securitytracker.com/id/1030724
https://xenbits.xen.org/xsa/advisory-102.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41491
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-4022
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description:
The vulnerability allows a remote authenticated privileged user to gain access to sensitive information.
The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.4.0
External links:
https://secunia.com/advisories/59523
https://www.securityfocus.com/bid/68184
https://www.securitytracker.com/id/1030471
https://xenbits.xen.org/xsa/advisory-101.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41543
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-4021
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a remote authenticated privileged user to gain access to sensitive information.
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 3.2.0 - 4.4.0
External links:
https://linux.oracle.com/errata/ELSA-2014-0926.html
https://linux.oracle.com/errata/ELSA-2014-0926-1.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html
https://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
https://secunia.com/advisories/59208
https://secunia.com/advisories/60027
https://secunia.com/advisories/60130
https://secunia.com/advisories/60471
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://support.citrix.com/article/CTX140984
https://www.debian.org/security/2014/dsa-3006
https://www.securityfocus.com/bid/68070
https://www.securitytracker.com/id/1030442
https://xenbits.xen.org/xsa/advisory-100.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41575
Risk: Medium
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3969
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a remote authenticated privileged user to execute arbitrary code.
Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.4.0
External links:
https://secunia.com/advisories/58975
https://www.openwall.com/lists/oss-security/2014/06/04/14
https://www.securityfocus.com/bid/67819
https://www.securitytracker.com/id/1030333
https://xenbits.xen.org/xsa/advisory-98.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41658
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3714
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a remote non-authenticated attacker to read system memory or cause a denial of service (crash).
The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.4.0
External links:
https://www.openwall.com/lists/oss-security/2014/05/14/4
https://www.openwall.com/lists/oss-security/2014/05/15/6
https://www.openwall.com/lists/oss-security/2014/05/16/1
https://www.securitytracker.com/id/1030252
https://xenbits.xen.org/xsa/advisory-95.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41659
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3715
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a remote non-authenticated attacker to read system memory or cause a denial of service (crash).
Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.4.0
External links:
https://www.openwall.com/lists/oss-security/2014/05/14/4
https://www.openwall.com/lists/oss-security/2014/05/15/6
https://www.openwall.com/lists/oss-security/2014/05/16/1
https://www.securitytracker.com/id/1030252
https://xenbits.xen.org/xsa/advisory-95.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41660
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-3716
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.4.0
External links:
https://www.openwall.com/lists/oss-security/2014/05/14/4
https://www.openwall.com/lists/oss-security/2014/05/15/6
https://www.openwall.com/lists/oss-security/2014/05/16/1
https://www.securitytracker.com/id/1030252
https://xenbits.xen.org/xsa/advisory-95.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41661
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3717
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a remote non-authenticated attacker to read system memory or cause a denial of service (crash).
Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.4.0
External links:
https://www.openwall.com/lists/oss-security/2014/05/14/4
https://www.openwall.com/lists/oss-security/2014/05/15/6
https://www.openwall.com/lists/oss-security/2014/05/16/1
https://www.securitytracker.com/id/1030252
https://xenbits.xen.org/xsa/advisory-95.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41716
Risk: Medium
CVSSv4.0: 4.5 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3124
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a remote authenticated privileged user to cause a denial of service (hypervisor crash) or possibly execute arbitrary code.
The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.1.0 - 4.4.0
External links:
https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133191.html
https://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.debian.org/security/2014/dsa-3006
https://www.openwall.com/lists/oss-security/2014/04/29/1
https://www.openwall.com/lists/oss-security/2014/04/30/10
https://www.securityfocus.com/bid/67113
https://www.securitytracker.com/id/1030160
https://xenbits.xen.org/xsa/advisory-92.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41729
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-3125
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a remote authenticated privileged user to damage or delete data.
Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.4.0
External links:
https://secunia.com/advisories/58347
https://www.openwall.com/lists/oss-security/2014/04/30/11
https://www.openwall.com/lists/oss-security/2014/04/30/5
https://www.securityfocus.com/bid/67157
https://www.securitytracker.com/id/1030184
https://xenbits.xen.org/xsa/advisory-91.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41748
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-2986
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via unspecified vectors.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions: Xen: 4.4.0
External links:
https://www.openwall.com/lists/oss-security/2014/04/23/3
https://www.openwall.com/lists/oss-security/2014/04/23/4
https://www.openwall.com/lists/oss-security/2014/04/23/5
https://www.securityfocus.com/bid/67047
https://www.securitytracker.com/id/1030146
https://xenbits.xen.org/xsa/advisory-94.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41754
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-2915
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a remote authenticated privileged user to perform a denial of service (DoS) attack.
Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.4.0
External links:
https://www.openwall.com/lists/oss-security/2014/04/22/10
https://www.openwall.com/lists/oss-security/2014/04/23/2
https://www.securitytracker.com/id/1030135
https://xenbits.xen.org/xsa/advisory-93.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41862
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-1896
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a remote authenticated privileged user to read and manipulate data.
The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allow local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.2.0 - 4.4.0
External links:
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.openwall.com/lists/oss-security/2014/02/07/12
https://www.openwall.com/lists/oss-security/2014/02/10/7
https://xenbits.xen.org/xsa/advisory-86.html
https://xenbits.xen.org/xsa/xsa86.patch
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41882
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-2599
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.1.0 - 4.4.0
External links:
https://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.debian.org/security/2014/dsa-3006
https://www.openwall.com/lists/oss-security/2014/03/25/1
https://www.openwall.com/lists/oss-security/2014/03/25/2
https://www.securityfocus.com/bid/66407
https://www.securitytracker.com/id/1029956
https://xenbits.xen.org/xsa/advisory-89.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.