CVE-2014-8594

EPSS 1.88%
Published 19.11.2014 18:59:10
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Debian ≫ Debian Linux Version7.0

Xen ≫ Xen Version4.0.0

Xen ≫ Xen Version4.0.1

Xen ≫ Xen Version4.0.2

Xen ≫ Xen Version4.0.3

Xen ≫ Xen Version4.0.4

Xen ≫ Xen Version4.1.0

Xen ≫ Xen Version4.1.1

Xen ≫ Xen Version4.1.2

Xen ≫ Xen Version4.1.3

Xen ≫ Xen Version4.1.4

Xen ≫ Xen Version4.1.5

Xen ≫ Xen Version4.1.6.1

Xen ≫ Xen Version4.2.0

Xen ≫ Xen Version4.2.1

Xen ≫ Xen Version4.2.2

Xen ≫ Xen Version4.2.3

Xen ≫ Xen Version4.3.0

Xen ≫ Xen Version4.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.88%	0.815

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	4.9	6.9	AV:N/AC:H/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201504-04

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html

Third Party Advisory

http://secunia.com/advisories/62672

Permissions Required

http://www.debian.org/security/2015/dsa-3140

Third Party Advisory

http://www.securityfocus.com/bid/71149

http://xenbits.xen.org/xsa/advisory-109.html

Patch