Vulnerability Description
Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 4.2.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
- http://security.gentoo.org/glsa/glsa-201407-03.xml
- http://www.openwall.com/lists/oss-security/2014/02/07/12
- http://www.openwall.com/lists/oss-security/2014/02/10/6
- http://xenbits.xen.org/xsa/advisory-85.htmlPatchVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
- http://security.gentoo.org/glsa/glsa-201407-03.xml
- http://www.openwall.com/lists/oss-security/2014/02/07/12
- http://www.openwall.com/lists/oss-security/2014/02/10/6
- http://xenbits.xen.org/xsa/advisory-85.htmlPatchVendor Advisory
FAQ
What is CVE-2014-1895?
CVE-2014-1895 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial...
How severe is CVE-2014-1895?
CVE-2014-1895 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1895?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.