[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-1896Date: (C)2014-04-25   (M)2023-12-22


The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 4.4
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
GLSA-201407-03
SUSE-SU-2014:0373
http://www.openwall.com/lists/oss-security/2014/02/07/12
http://www.openwall.com/lists/oss-security/2014/02/10/7
http://xenbits.xen.org/xsa/advisory-86.html
http://xenbits.xen.org/xsa/xsa86.patch

CPE    7
cpe:/o:xen:xen:4.2.3
cpe:/o:xen:xen:4.2.2
cpe:/o:xen:xen:4.3.1
cpe:/o:xen:xen:4.2.1
...
CWE    1
CWE-20
OVAL    26
oval:org.secpod.oval:def:106460
oval:org.secpod.oval:def:106387
oval:org.secpod.oval:def:106450
oval:org.secpod.oval:def:106411
...

© SecPod Technologies