CVE-2014-6268 — XEN vulnerability

CWE-3997 documents6 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 79.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedJan 12

Latest updateMay 17

Description

The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.4.1-3 (bookworm)

▶Debianxen/xen< 4.4.1-3+3

▶NVDxen/xen4.4.0, 4.4.1+1

🔴Vulnerability Details

GHSA

GHSA-pqpf-jcx3-x4v7: The evtchn_fifo_set_pending function in Xen 4↗2022-05-17

▶

OSV

CVE-2014-6268: The evtchn_fifo_set_pending function in Xen 4↗2015-01-12

▶

📋Vendor Advisories

Red Hat

kernel: xen: Mishandling of uninitialised FIFO-based event channel control blocks (xsa107)↗2014-09-09

▶

Debian

CVE-2014-6268: xen - The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to ca...↗2014

▶

💬Community

Bugzilla

CVE-2014-6268 kernel: xen: Mishandling of uninitialised FIFO-based event channel control blocks (xsa107) [fedora-all]↗2014-09-10

▶

Bugzilla

CVE-2014-6268 kernel: xen: Mishandling of uninitialised FIFO-based event channel control blocks (xsa107)↗2014-09-10

▶