Vulnerability Description
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 19 |
| Debian | Debian Linux | 7.0 |
| Xen | Xen | 4.1.0 |
| Opensuse | Opensuse | 12.3 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.ht (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.ht (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html (Third Party Advisory)
- http://secunia.com/advisories/61501
- http://secunia.com/advisories/61890
- http://security.gentoo.org/glsa/glsa-201412-42.xml
- http://www.debian.org/security/2014/dsa-3041 (Third Party Advisory)
- http://www.securitytracker.com/id/1030887 (Third Party Advisory, VDB Entry)
- http://xenbits.xen.org/xsa/advisory-104.html (Patch, Vendor Advisory)
FAQ
What is CVE-2014-7154?
CVE-2014-7154 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a de...
How severe is CVE-2014-7154?
CVE-2014-7154 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7154?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Debian Debian Linux, Xen Xen, Opensuse Opensuse.