SecurityTracker.com
Category:   Application (Generic)  >   Xen
Vendors:   Xen Project
Xen HVMOP_set_mem_type Page Transition Flaw Lets Local Users on the Guest System Cause Denial of Service Conditions on the Host System
SecurityTracker Alert ID:  1030160
SecurityTracker URL:  http://securitytracker.com/id/1030160
CVE Reference:   CVE-2014-3124
Updated:  May 1 2014
Original Entry Date:  Apr 29 2014
Impact:   Denial of service via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Xen. A local user on the guest operating system can cause denial of service conditions on the host operating system.

A local administrative user on the guest operating system can exploit a flaw in the HVMOP_set_mem_type control operations to transition a page from an invalid memory type, causing denial of service conditions on the target host system.

Systems with HVM guests where device models run with limited privilege (e.g., stubdom device models) are affected.

Jan Beulich reported this vulnerability.

Impact:   A local user on the guest operating system can cause denial of service conditions on the host operating system.
Solution:   The vendor has issued a fix (xsa92-4.1.patch, xsa92-4.2.patch, xsa92.patch).
Vendor URL:  www.xen.org/
Cause:   Access control error
Underlying OS:  Linux (Any)

Message History:   None.

