SB2014092302 - Fedora 21 update for xen 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014092302

SB2014092302 - Fedora 21 update for xen

Published: September 23, 2014 Updated: April 24, 2025

Security Bulletin ID SB2014092302
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Adjecent network
Highest impact Denial of service

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Race condition (CVE-ID: CVE-2014-7154)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-7155)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-7156)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.


Remediation

Install update from vendor's website.

References