Published: 01/04/2014 Updated: 07/01/2017

CVSS v2 Base Score: 5.2 | Impact Score: 6.9 | Exploitability Score: 4.4

VMScore: 463

Vector: AV:A/AC:M/Au:S/C:N/I:N/A:C

Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and previous versions, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen 3.2.2
xen xen 3.2.3
xen xen 3.4.3
xen xen 3.4.4
xen xen 4.1.1
xen xen 4.1.2
xen xen 3.2.0
xen xen 3.2.1
xen xen 3.4.1
xen xen 3.4.2
xen xen 4.0.4
xen xen 4.1.0
xen xen 3.3.2
xen xen 3.4.0
xen xen 4.0.2
xen xen 4.0.3
xen xen
xen xen 3.3.0
xen xen 3.3.1
xen xen 4.0.0
xen xen 4.0.1
xen xen 4.1.3
xen xen 4.1.4
xen xen 4.1.5

Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 41x, 33x, 32x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894 ...

CWE-189 http://www.openwall.com/lists/oss-security/2014/02/07/12 http://xenbits.xen.org/xsa/advisory-84.html http://www.openwall.com/lists/oss-security/2014/02/07/4 http://www.openwall.com/lists/oss-security/2014/02/10/8 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html http://security.gentoo.org/glsa/glsa-201407-03.xml https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-1893

CVE-2014-1893

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect