SB2014122604 - Gentoo update for Xen
Published: December 26, 2014 Updated: September 25, 2016
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Race condition (CVE-ID: CVE-2014-7154)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-7155)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-7156)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.
4) Resource management error (CVE-ID: CVE-2014-7188)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.
Remediation
Install update from vendor's website.