Permissions, Privileges, and Access Controls in Xen - CVE-2014-3969

 


Published: June 5, 2014 / Updated: August 10, 2020


Vulnerability identifier: #VU41575
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-3969
CWE-ID: CWE-264
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Xen Project
Affected software: Xen

Detailed vulnerability description

The vulnerability allows a remote #AU# to execute arbitrary code.

Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.


How to mitigate CVE-2014-3969

Install update from vendor's website.
