CVE-2014-3125 — XEN vulnerability

CWE-26412 documents6 sources

Severity

6.2MEDIUMNVD

EPSS

0.3%

top 46.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedMay 2

Latest updateMay 14

Description

Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.

CVSS vector

AV:A/AC:L/C:N/I:P/A:CExploitability: 5.1 | Impact: 7.8

Affected Packages3 packages

▶Ubuntuxen/xen< 4.4.0-0ubuntu5.1

▶NVDxen/xen4.4.0

▶debiandebian/xen

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-r57q-666q-xr8j: Xen 4↗2022-05-14

▶

OSV

CVE-2014-3125: Xen 4↗2014-05-02

▶