Vulnerability Details : CVE-2014-7188
The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.
Vulnerability category: Denial of service
Products affected by CVE-2014-7188
- cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.1:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-7188
0.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-7188
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.3
|
HIGH | AV:A/AC:L/Au:N/C:C/I:C/A:C |
6.5
|
10.0
|
NIST |
CWE ids for CVE-2014-7188
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7188
-
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
[security-announce] openSUSE-SU-2014:1279-1: important: xen: security an
-
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
[security-announce] openSUSE-SU-2014:1281-1: important: xen: security an
-
http://xenbits.xen.org/xsa/advisory-108.html
XSA-108 - Xen Security AdvisoriesPatch;Vendor Advisory
-
http://support.citrix.com/article/CTX201794
Citrix NetScaler Service Delivery Appliance Multiple Security Updates
-
http://www.securitytracker.com/id/1030936
Xen x2APIC Emulation Flaw Lets Local Guest Systems Obtain Data from Other Guest Systems or the Host System - SecurityTracker
-
http://support.citrix.com/article/CTX200218
Citrix XenServer Multiple Security Updates
-
http://www.debian.org/security/2014/dsa-3041
Debian -- Security Information -- DSA-3041-1 xen
-
http://secunia.com/advisories/61890
Sign in
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140199.html
[SECURITY] Fedora 21 Update: xen-4.4.1-6.fc21
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html
[SECURITY] Fedora 20 Update: xen-4.3.3-3.fc20
-
http://www.securityfocus.com/bid/70198
Xen CVE-2014-7188 Denial of Service Vulnerability
-
http://security.gentoo.org/glsa/glsa-201412-42.xml
Xen: Denial of Service (GLSA 201412-42) — Gentoo security
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/96785
Xen MSR range denial of service CVE-2014-7188 Vulnerability Report
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html
[SECURITY] Fedora 19 Update: xen-4.2.5-3.fc19
-
http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf
Jump to