Vulnerability Details : CVE-2014-5148
Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2014-5148
- cpe:2.3:a:xen:xen:4.4.1:*:*:*:*:*:x64:*
- cpe:2.3:o:xen:xen:4.4.0:-:*:*:*:*:x64:*
Exploit prediction scoring system (EPSS) score for CVE-2014-5148
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-5148
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
CWE ids for CVE-2014-5148
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-5148
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95233
Xen system register denial of service CVE-2014-5148 Vulnerability Report
-
http://xenbits.xenproject.org/xsa/advisory-103.html
XSA-103 - Xen Security AdvisoriesPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/69189
Xen CVE-2014-5147 Local Denial of Service Vulnerability
-
http://www.securitytracker.com/id/1030725
Xen Lets Local Users on a Guest System Deny Service or Gain Elevated Privileges on the Guest System - SecurityTracker
Jump to