Published: 01/04/2014 Updated: 07/01/2017

CVSS v2 Base Score: 5.2 | Impact Score: 6.9 | Exploitability Score: 4.4

VMScore: 463

Vector: AV:A/AC:M/Au:S/C:N/I:N/A:C

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and previous versions, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen 3.2.0
xen xen 3.2.1
xen xen 3.4.1
xen xen 3.4.2
xen xen 4.1.4
xen xen 4.1.5
xen xen 3.2.2
xen xen 3.2.3
xen xen 3.4.3
xen xen 3.4.4
xen xen 4.1.6.1
xen xen 4.2.0
xen xen 4.2.1
xen xen 3.3.2
xen xen 3.4.0
xen xen 4.1.2
xen xen 4.1.3
xen xen 4.3.1
xen xen
xen xen 3.3.0
xen xen 3.3.1
xen xen 4.1.0
xen xen 4.1.1
xen xen 4.2.2
xen xen 4.2.3

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 43x, 42x, 41x, 32x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-20 ...

CWE-189 http://www.openwall.com/lists/oss-security/2014/02/07/12 http://xenbits.xen.org/xsa/advisory-84.html http://www.openwall.com/lists/oss-security/2014/02/07/4 http://www.openwall.com/lists/oss-security/2014/02/10/8 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html http://security.gentoo.org/glsa/glsa-201407-03.xml https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-1891

CVE-2014-1891

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect