CVE-2014-1950 : Use-after-free vulnerability in the xc_cpupool

Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.

Published 2014-02-14 15:55:07

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2014-1950

XEN » XEN » Version: 4.1.1
cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.2.0
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.1.2
cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.1.3
cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.1.4
cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.2.1
cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.2.2
cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.1.5
cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.2.3
cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.3.0
cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.3.1
cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.1.6.1
cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-1950

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-1950

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-1950

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1950

http://www.openwall.com/lists/oss-security/2014/02/12/17

oss-security - Xen Security Advisory 88 (CVE-2014-1950) - use-after-free in xc_cpupool_getinfo() under memory pressure
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html

[security-announce] SUSE-SU-2014:0373-1: important: Security update for

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html

[security-announce] SUSE-SU-2014:0372-1: important: Security update for

CVEs referencing this url
http://www.debian.org/security/2014/dsa-3006

Debian -- Security Information -- DSA-3006-1 xen

CVEs referencing this url
http://xenbits.xen.org/xsa/advisory-88.html

XSA-88 - Xen Security Advisories
Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-1950

Products affected by CVE-2014-1950

Exploit prediction scoring system (EPSS) score for CVE-2014-1950

CVSS scores for CVE-2014-1950

CWE ids for CVE-2014-1950

References for CVE-2014-1950