CVE-2014-3967 — XEN vulnerability

7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 50.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Opensuse

Timeline

PublishedJun 5

Latest updateMay 14

Description

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 5.1 | Impact: 6.9

Affected Packages4 packages

▶debiandebian/xen< xen 4.4.1-1 (bookworm)

▶Debianxen/xen< 4.4.1-1+3

▶NVDxen/xen7 versions+6

▶NVDopensuse/opensuse12.3, 13.1+1

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-hg4x-g82c-qxqj: The HVMOP_inject_msi function in Xen 4↗2022-05-14

▶

OSV

CVE-2014-3967: The HVMOP_inject_msi function in Xen 4↗2014-06-05

▶

📋Vendor Advisories

Red Hat

xen: Vulnerabilities in HVM MSI injection (XSA-96)↗2014-06-03

▶

Debian

CVE-2014-3967: xen - The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly c...↗2014

▶

💬Community

Bugzilla

CVE-2014-3967 CVE-2014-3968 xen: Vulnerabilities in HVM MSI injection (XSA-96) [fedora-all]↗2014-06-04

▶

Bugzilla

CVE-2014-3967 CVE-2014-3968 xen: Vulnerabilities in HVM MSI injection (XSA-96)↗2014-05-28

▶