CVE-2014-1895 — Off-by-one Error in XEN

CWE-189 CWE-193 — Off-by-one Error6 documents6 sources

Severity

5.8MEDIUMNVD

EPSS

0.1%

top 71.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedApr 1

Latest updateMay 17

Description

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

CVSS vector

AV:A/AC:M/C:P/I:N/A:CExploitability: 4.4 | Impact: 7.8

Affected Packages3 packages

▶debiandebian/xen< xen 4.4.0-1 (bookworm)

▶Debianxen/xen< 4.4.0-1+3

▶NVDxen/xen6 versions+5

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-h86q-v7x4-qx4x: Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op↗2022-05-17

▶

OSV

CVE-2014-1895: Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op↗2014-04-01

▶

📋Vendor Advisories

Red Hat

xen: Off-by-one error in FLASK_AVC_CACHESTAT hypercall (xsa-85)↗2014-02-06

▶

Debian

CVE-2014-1895: xen - Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flas...↗2014

▶

💬Community

Bugzilla

CVE-2014-1895 xen: Off-by-one error in FLASK_AVC_CACHESTAT hypercall (xsa-85)↗2014-02-06

▶