CVE-2014-7154 — Race Condition in XEN

CWE-362 — Race Condition CWE-667 — Improper Locking7 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 27.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux +2 more

Timeline

PublishedOct 2

Latest updateMay 14

Description

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages4 packages

▶debiandebian/xen< xen 4.4.1-3 (bookworm)

▶Debianxen/xen< 4.4.1-3+3

▶NVDxen/xen15 versions+14

▶NVDopensuse/opensuse12.3, 13.1+1

Also affects: Debian Linux 7.0, Fedora 19, 20

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-wch3-7x83-fq5h: Race condition in HVMOP_track_dirty_vram in Xen 4↗2022-05-14

▶

OSV

CVE-2014-7154: Race condition in HVMOP_track_dirty_vram in Xen 4↗2014-10-02

▶

📋Vendor Advisories

Red Hat

kernel: xen: Race condition in HVMOP_track_dirty_vram (XSA-104)↗2014-09-23

▶

Debian

CVE-2014-7154: xen - Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ens...↗2014

▶

💬Community

Bugzilla

CVE-2014-7154 kernel: xen: Race condition in HVMOP_track_dirty_vram (xsa104) [fedora-all]↗2014-09-23

▶

Bugzilla

CVE-2014-7154 kernel: xen: Race condition in HVMOP_track_dirty_vram (XSA-104)↗2014-09-10

▶