CVE-2014-1892Improper Restriction of Operations within the Bounds of a Memory Buffer in XEN

CWE-189CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-190Integer Overflow or Wraparound17 documents5 sources
Severity
5.2MEDIUMNVD
EPSS
0.3%
top 49.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENDebian XEN
Timeline
PublishedApr 1
Latest updateMay 17

Description

Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.

CVSS vector

AV:A/AC:M/C:N/I:N/A:CExploitability: 4.4 | Impact: 6.9

Affected Packages2 packages

NVDxen/xen4.1.6.1+36
debiandebian/xen

Patches

Patch: xenbits.xen.orgPatch: xenbits.xen.org

🔴Vulnerability Details

4
GHSA
GHSA-4jpf-c3p7-8jx7: Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hyperc2022-05-17
GHSA
GHSA-956j-9v4c-m8hh: Xen 32022-05-17
GHSA
GHSA-q494-cp95-c73f: Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 32022-05-17
GHSA
GHSA-f8qr-cw4c-jcj3: Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 42022-05-17

📋Vendor Advisories

8
Red Hat
xen: integer overflow in several XSM/Flask hypercalls (xsa-84)2014-02-06
Red Hat
xen: integer overflow in several XSM/Flask hypercalls (xsa-84)2014-02-06
Red Hat
xen: integer overflow in several XSM/Flask hypercalls (xsa-84)2014-02-06
Red Hat
xen: integer overflow in several XSM/Flask hypercalls (xsa-84)2014-02-06
Debian
CVE-2014-1894: xen - Multiple integer overflows in unspecified suboperations in the flask hypercall i...2014

💬Community

1
Bugzilla
CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 xen: integer overflow in several XSM/Flask hypercalls (xsa-84)2014-02-06