CVE-2014-1895

Severity

57%

Complexity

44%

Confidentiality

130%

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: medium. CVSS Vector: (AV:A/AC:M/Au:S/C:P/I:N/A:C).

Overview

Type

Xen

First reported 10 years ago

2014-04-01 06:35:00

Last updated 8 years ago

2017-01-07 02:59:00

Affected Software

Xen 4.2.0

4.2.0

Xen 4.2.1

4.2.1

Xen 4.2.2

4.2.2

Xen 4.2.3

4.2.3

Xen Xen 4.3.0

4.3.0

Xen 4.3.1

4.3.1

References

SUSE-SU-2014:0373

GLSA-201407-03

[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls

[oss-security] 20140210 Xen Security Advisory 85 (CVE-2014-1895) - Off-by-one error in FLASK_AVC_CACHESTAT hypercall

http://xenbits.xen.org/xsa/advisory-85.html

Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.