CVE-2014-3968 — XEN vulnerability

7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 40.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Opensuse

Timeline

PublishedJun 5

Latest updateMay 14

Description

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 5.1 | Impact: 6.9

Affected Packages4 packages

▶debiandebian/xen< xen 4.4.1-1 (bookworm)

▶Debianxen/xen< 4.4.1-1+3

▶NVDxen/xen7 versions+6

▶NVDopensuse/opensuse12.3, 13.1+1

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-mjcm-fr5w-j5f8: The HVMOP_inject_msi function in Xen 4↗2022-05-14

▶

OSV

CVE-2014-3968: The HVMOP_inject_msi function in Xen 4↗2014-06-05

▶

📋Vendor Advisories

Red Hat

xen: Vulnerabilities in HVM MSI injection (XSA-96)↗2014-06-03

▶

Debian

CVE-2014-3968: xen - The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest ...↗2014

▶

💬Community

Bugzilla

CVE-2014-3967 CVE-2014-3968 xen: Vulnerabilities in HVM MSI injection (XSA-96) [fedora-all]↗2014-06-04

▶

Bugzilla

CVE-2014-3967 CVE-2014-3968 xen: Vulnerabilities in HVM MSI injection (XSA-96)↗2014-05-28

▶