Lucene search

PRIOn knowledge basePRION:CVE-2014-9030

HistoryNov 24, 2014 - 3:59 p.m.

Code injection

2014-11-2415:59:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.

CPENameOperatorVersion
debian_linuxeq7.0
opensuseeq13.1
opensuseeq13.2
xeneq3.2.0
xeneq4.1.5
xeneq3.2.1
xeneq4.2.2
xeneq4.2.3
xeneq3.4.0
xeneq4.3.0

Name	Operator	Version
debian_linux	eq	7.0
opensuse	eq	13.1
opensuse	eq	13.2
xen	eq	3.2.0
xen	eq	4.1.5
xen	eq	3.2.1
xen	eq	4.2.2
xen	eq	4.2.3
xen	eq	3.4.0
xen	eq	4.3.0

Rows per page:

1-10 of 351

References

lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html

secunia.com/advisories/62672

www.debian.org/security/2015/dsa-3140

www.securityfocus.com/bid/71207

xenbits.xen.org/xsa/advisory-113.html

exchange.xforce.ibmcloud.com/vulnerabilities/98853

security.gentoo.org/glsa/201504-04