User: Password:
|
|
Subscribe / Log in / New account

xen: denial of service

Package(s):xen CVE #(s):CVE-2014-1642 CVE-2014-1666
Created:January 27, 2014 Updated:February 3, 2014
Description: From the Xen advisories:

[XSA-82]: AMD CPU erratum 793 "Specific Combination of Writes to Write Combined Memory Types and Locked Instructions May Cause Core Hang" describes a situation under which a CPU core may hang.

A malicious guest administrator can mount a denial of service attack affecting the whole system. (CVE-2013-6885)

[XSA-87]: The PHYSDEVOP_{prepare,release}_msix operations are supposed to be available to privileged guests (domain 0 in non-disaggregated setups) only, but the necessary privilege check was missing.

Malicious or misbehaving unprivileged guests can cause the host or other guests to malfunction. This can result in host-wide denial of service. Privilege escalation, while seeming to be unlikely, cannot be excluded. (CVE-2014-1666)

Alerts:
Gentoo 201407-03 xen 2014-07-16
openSUSE openSUSE-SU-2014:0483-1 xen 2014-04-04
SUSE SUSE-SU-2014:0373-1 Xen 2014-03-14
SUSE SUSE-SU-2014:0372-1 Xen 2014-03-14
CentOS CESA-2014:X002 xen 2014-01-25
Fedora FEDORA-2014-1559 xen 2014-02-03
Fedora FEDORA-2014-1552 xen 2014-02-03

(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds