DSA-3140-1 xen -- xenID: oval:org.secpod.oval:def:601935 | Date: (C)2015-01-28 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. CVE-2014-8594 Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may result in privilege escalation. CVE-2014-8595 Jan Beulich discovered that missing privilege level checks in the x86 emulation of far branches may result in privilege escalation. CVE-2014-8866 Jan Beulich discovered that an error in compatibility mode hypercall argument translation may result in denial of service. CVE-2014-8867 Jan Beulich discovered that an insufficient restriction in acceleration support for the "REP MOVS" instruction may result in denial of service. CVE-2014-9030 Andrew Cooper discovered a page reference leak in MMU_MACHPHYS_UPDATE handling, resulting in denial of service.