CVE-2014-2986 — Improper Input Validation in XEN

CWE-20 — Improper Input Validation6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 56.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedApr 28

Latest updateMay 14

Description

The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 5.1 | Impact: 6.9

Affected Packages3 packages

▶Ubuntuxen/xen< 4.4.0-0ubuntu5.1

▶NVDxen/xen4.4.0

▶debiandebian/xen

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-6vcv-9gqw-j68m: The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic↗2022-05-14

▶

OSV

CVE-2014-2986: The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic↗2014-04-28

▶

💥Exploits & PoCs

Exploit-DB

ProjectSend r-561 - Arbitrary File Upload↗2014-12-02

▶

📋Vendor Advisories

Debian

CVE-2014-2986: xen - The vgic_distr_mmio_write function in the virtual guest interrupt controller (GI...↗2014

▶

Red Hat

CVE-2014-2986: The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic↗

▶