CVEdetails.com the ultimate security vulnerability data source

XEN : Security Vulnerabilities Published In 2014 (Denial Of Service)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2014-7188 399 DoS 2014-10-02 2014-10-16
8.3
None Local Network Low Not required Complete Complete Complete
The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.
2 CVE-2014-7156 264 DoS 2014-10-02 2014-10-16
3.3
None Local Network Low Not required None None Partial
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.
3 CVE-2014-7155 264 DoS +Priv 2014-10-02 2014-10-16
5.8
None Local Network Low Not required Partial Partial Partial
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.
4 CVE-2014-7154 362 DoS 2014-10-02 2014-10-16
6.1
None Local Network Low Not required None None Complete
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.
5 CVE-2014-5149 399 DoS 2014-08-22 2014-08-27
4.7
None Local Medium Not required None None Complete
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows a local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.
6 CVE-2014-5147 264 DoS 2014-08-29 2014-09-02
4.3
None Local Network High Single system None None Complete
Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.
7 CVE-2014-5146 399 DoS 2014-08-22 2014-08-27
4.7
None Local Medium Not required None None Complete
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows a local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.
8 CVE-2014-3968 DoS 2014-06-05 2014-07-17
5.5
None Local Network Low Single system None None Complete
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger error messages to be logged.
9 CVE-2014-3967 DoS 2014-06-05 2014-07-17
5.5
None Local Network Low Single system None None Complete
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
10 CVE-2014-3717 20 DoS Overflow 2014-05-19 2014-06-13
3.3
None Local Medium Not required Partial None Partial
Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.
11 CVE-2014-3716 20 DoS 2014-05-19 2014-06-13
1.9
None Local Medium Not required None None Partial
Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.
12 CVE-2014-3715 119 DoS Overflow 2014-05-19 2014-06-13
3.3
None Local Medium Not required Partial None Partial
Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.
13 CVE-2014-3714 20 DoS Overflow 2014-05-19 2014-06-13
3.3
None Local Medium Not required Partial None Partial
The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow.
14 CVE-2014-3124 264 DoS Exec Code 2014-05-07 2014-06-18
6.7
None Local Network Low Single system Partial Partial Complete
The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.
15 CVE-2014-2986 20 DoS 2014-04-28 2014-04-29
5.5
None Local Network Low Single system None None Complete
The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.
16 CVE-2014-2915 264 DoS 2014-04-24 2014-04-24
5.5
None Local Network Low Single system None None Complete
Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.
17 CVE-2014-2599 20 DoS 2014-03-28 2014-03-31
4.9
None Local Low Not required None None Complete
The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.
18 CVE-2014-2580 399 DoS 2014-04-15 2014-04-16
4.4
None Local Medium Single system None None Complete
The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable the interface.
19 CVE-2014-1950 399 DoS +Priv 2014-02-14 2014-04-19
4.6
None Local Low Not required Partial Partial Partial
Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.
20 CVE-2014-1896 20 DoS +Priv 2014-04-01 2014-04-19
4.9
None Local Network Medium Single system Partial Partial Partial
The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allow local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which trigger a "read or write past the end of the ring."
21 CVE-2014-1895 189 DoS +Info 2014-04-01 2014-04-19
5.8
None Local Network Medium Single system Partial None Complete
Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs is in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.
22 CVE-2014-1894 189 DoS Overflow 2014-04-01 2014-04-19
5.2
None Local Network Medium Single system None None Complete
Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893.
23 CVE-2014-1893 189 DoS Overflow 2014-04-01 2014-04-19
5.2
None Local Network Medium Single system None None Complete
Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894.
24 CVE-2014-1892 119 DoS Overflow 2014-04-01 2014-04-19
5.2
None Local Network Medium Single system None None Complete
Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.
25 CVE-2014-1891 189 DoS Overflow 2014-04-01 2014-04-19
5.2
None Local Network Medium Single system None None Complete
Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.
26 CVE-2014-1666 264 DoS +Priv 2014-01-26 2014-04-19
8.3
None Local Network Low Not required Complete Complete Complete
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.
27 CVE-2014-1642 399 DoS Exec Code Mem. Corr. 2014-01-26 2014-04-19
4.4
None Local Medium Not required Partial Partial Partial
The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.
28 CVE-2013-4375 399 DoS 2014-01-19 2014-03-05
2.7
None Local Network Low Single system None None Partial
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.
29 CVE-2011-3346 119 DoS Overflow 2014-04-01 2014-04-01
4.0
None Local High Not required None None Complete
Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.
30 CVE-2011-1936 DoS 2014-01-07 2014-02-25
4.6
None Local Network High Not required None None Complete
Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors.
31 CVE-2011-1780 20 DoS 2014-01-07 2014-01-08
6.1
None Local Network Low Not required None None Complete
The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread.
32 CVE-2011-1763 DoS +Priv 2014-01-07 2014-01-08
7.7
None Local Network Low Single system Complete Complete Complete
The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.
33 CVE-2011-1166 20 DoS 2014-01-07 2014-01-08
5.5
None Local Network Low Single system None None Complete
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
Total number of vulnerabilities: 33