CVE-2014-5148

EPSS 0.16%
Veröffentlicht 26.10.2014 20:55:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xen ≫ Xen Version4.4.1 HwPlatformx64

Xen ≫ Xen Version4.4.0 Update- HwPlatformx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.37

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/59934

http://www.securityfocus.com/bid/69189

http://www.securitytracker.com/id/1030725

http://xenbits.xenproject.org/xsa/advisory-103.html

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95233

https://nvd.nist.gov/vuln/detail/CVE-2014-5148

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-5148

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-5148

EUVD