#VU41716 Permissions, Privileges, and Access Controls in Xen - CVE-2014-3124

Cybersecurity Help s.r.o.

Published: 2014-05-07 | Updated: 2020-08-10

Vulnerability identifier: #VU41716

Vulnerability risk: Medium

CVSSv4.0: 4.5 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2014-3124

CWE-ID: CWE-264

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description

The vulnerability allows a remote #AU# to #BASIC_IMPACT#.

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Xen: 4.1.0 - 4.4.0

External links
https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133191.html
https://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
https://security.gentoo.org/glsa/glsa-201407-03.xml
https://www.debian.org/security/2014/dsa-3006
https://www.openwall.com/lists/oss-security/2014/04/29/1
https://www.openwall.com/lists/oss-security/2014/04/30/10
https://www.securityfocus.com/bid/67113
https://www.securitytracker.com/id/1030160
https://xenbits.xen.org/xsa/advisory-92.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Xen