CVE-2014-9065 — Improper Locking in XEN

CWE-17 CWE-667 — Improper Locking11 documents6 sources

Severity

4.7MEDIUMNVD

NVD4.4OSV4.4

EPSS

0.1%

top 71.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Opensuse

Timeline

PublishedDec 9

Latest updateMay 14

Description

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066.

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 2.7 | Impact: 6.9

Affected Packages4 packages

▶debiandebian/xen< xen 4.4.1-6 (bookworm)+1

▶Debianxen/xen< 4.4.1-6+3

▶NVDxen/xen4.4.1

▶NVDopensuse/opensuse13.1, 13.2+1

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-4f7c-f5r2-23hx: Xen 4↗2022-05-14

▶

GHSA

GHSA-gq6c-wcjg-9p8q: common/spinlock↗2022-05-14

▶

OSV

CVE-2014-9065: common/spinlock↗2014-12-09

▶

OSV

CVE-2014-9066: Xen 4↗2014-12-09

▶

📋Vendor Advisories

Red Hat

xen: p2m lock starvation (xsa114)↗2014-12-08

▶

Red Hat

xen: p2m lock starvation (xsa114)↗2014-12-08

▶

Debian

CVE-2014-9066: xen - Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly han...↗2014

▶

Debian

CVE-2014-9065: xen - common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and wri...↗2014

▶

💬Community

Bugzilla

CVE-2014-9065 xen: p2m lock starvation (xsa114)↗2014-11-25

▶