CVE-2014-3124 — XEN vulnerability

CWE-2647 documents6 sources

Severity

6.7MEDIUMNVD

EPSS

0.5%

top 32.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedMay 7

Latest updateMay 14

Description

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.

CVSS vector

AV:A/AC:L/C:P/I:P/A:CExploitability: 5.1 | Impact: 8.5

Affected Packages3 packages

▶debiandebian/xen< xen 4.4.1-1 (bookworm)

▶Debianxen/xen< 4.4.1-1+3

▶NVDxen/xen14 versions+13

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-4qq6-r634-f5m4: The HVMOP_set_mem_type control in Xen 4↗2022-05-14

▶

OSV

CVE-2014-3124: The HVMOP_set_mem_type control in Xen 4↗2014-05-07

▶

📋Vendor Advisories

Red Hat

xen: hypervisor: HVMOP_set_mem_type allows invalid P2M entries to be created (XSA-92)↗2014-04-29

▶

Debian

CVE-2014-3124: xen - The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM a...↗2014

▶

💬Community

Bugzilla

CVE-2014-3124 xen: hypervisor: HVMOP_set_mem_type allows invalid P2M entries to be created (XSA-92) [fedora-all]↗2014-05-01

▶

Bugzilla

CVE-2014-3124 xen: hypervisor: HVMOP_set_mem_type allows invalid P2M entries to be created (XSA-92)↗2014-04-16

▶