Main Vulnerability Database SB2014102307

SB2014102307 - Permissions, Privileges, and Access Controls in xen (Alpine package)

Published: October 23, 2014

Security Bulletin ID SB2014102307

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-7156)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=165a0d9b481514e81fffcc8b06737253ba8882e0
https://git.alpinelinux.org/aports/commit/?id=b4cec285f5436041695c718489cd39d28dfd68dd