CVE-2014-3967

Severity

55%

Complexity

51%

Confidentiality

115%

Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference"

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference"

CVSS 2.0 Base Score 5.5. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: low. CVSS Vector: (AV:A/AC:L/Au:S/C:N/I:N/A:C).

Overview

First reported 10 years ago

2014-06-05 20:55:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Xen 4.2.0

4.2.0

Xen 4.2.1

4.2.1

Xen 4.2.2

4.2.2

Xen 4.2.3

4.2.3

Xen Xen 4.4.0

4.4.0

Xen 4.4.0 release candidate 1

4.4.0

OpenSUSE 12.3

12.3

OpenSUSE 13.1

13.1

Xen Xen 4.3.0

4.3.0

Xen 4.3.1

4.3.1

References

FEDORA-2014-7423

FEDORA-2014-7408

openSUSE-SU-2014:1279

openSUSE-SU-2014:1281

[oss-security] 20140604 Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection

67794

1030322

http://xenbits.xen.org/xsa/advisory-96.html

Patch, Vendor Advisory

GLSA-201504-04

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.