CVE-2014-5147 — XEN vulnerability

CWE-2645 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 56.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedAug 29

Latest updateMay 14

Description

Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.

CVSS vector

AV:A/AC:H/C:N/I:N/A:CExploitability: 2.5 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.4.1-1 (bookworm)

▶Debianxen/xen< 4.4.1-1+3

▶NVDxen/xen4.4.0

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-hjw2-33xq-777m: Xen 4↗2022-05-14

▶

OSV

CVE-2014-5147: Xen 4↗2014-08-29

▶

📋Vendor Advisories

Debian

CVE-2014-5147: xen - Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly hand...↗2014

▶

Red Hat

CVE-2014-5147: Xen 4↗

▶