fkie_cve-2014-2599
Vulnerability from fkie_nvd
Published
2014-03-28 15:55
Modified
2025-04-12 10:46
Severity ?
Summary
The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-201407-03.xml
cve@mitre.orghttp://www.debian.org/security/2014/dsa-3006
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2014/03/25/1
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2014/03/25/2
cve@mitre.orghttp://www.securityfocus.com/bid/66407
cve@mitre.orghttp://www.securitytracker.com/id/1029956
cve@mitre.orghttp://xenbits.xen.org/xsa/advisory-89.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201407-03.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3006
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/03/25/1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/03/25/2
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/66407
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029956
af854a3a-2127-422b-91ae-364da2661108http://xenbits.xen.org/xsa/advisory-89.htmlPatch, Vendor Advisory
Impacted products
Vendor Product Version
xen xen 4.1.0
xen xen 4.1.0
xen xen 4.1.1
xen xen 4.1.1
xen xen 4.1.2
xen xen 4.1.2
xen xen 4.1.3
xen xen 4.1.3
xen xen 4.1.4
xen xen 4.1.4
xen xen 4.1.5
xen xen 4.1.5
xen xen 4.1.6.1
xen xen 4.1.6.1
xen xen 4.2.0
xen xen 4.2.1
xen xen 4.2.2
xen xen 4.2.3
xen xen 4.3.0
xen xen 4.3.1
xen xen 4.3.2
xen xen 4.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D532B60-C8DD-4A2F-9D05-E574D23EB754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:x86:*:*:*",
              "matchCriteriaId": "4761313C-264F-447A-B6D4-B6F27AD3BCA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D83CA8B-8E49-45FA-8FAB-C15052474542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:x86:*:*:*",
              "matchCriteriaId": "BEF9F468-EBF4-4261-B4AE-C191DC2586EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27537DF5-7E0F-463F-BA87-46E329EE07AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:x86:*:*:*",
              "matchCriteriaId": "02DEEF07-182E-4C46-B30D-66E060BEADF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EA4F978-9145-4FE6-B4F9-15207E52C40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:x86:*:*:*",
              "matchCriteriaId": "4C39C1C8-AC5D-45EE-8D1C-895EC6447D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A995FD-9B7F-4DF0-BECF-4B086E470F1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:x86:*:*:*",
              "matchCriteriaId": "518D1C53-4941-4031-9534-29D9FE271BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "219597E2-E2D7-4647-8A7C-688B96300158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.5:*:*:*:x86:*:*:*",
              "matchCriteriaId": "D47AFC30-8E82-473E-9C48-FE1D885E46D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65E55950-EACA-4209-B2A1-E09026FC6006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:x86:*:*:*",
              "matchCriteriaId": "C60E4208-0AF1-45A0-93C5-F70500741828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C76124AB-4E3D-4BE0-AAEA-7FC05868E2FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input."
    },
    {
      "lang": "es",
      "value": "Las operaciones de control de HVM HVMOP_set_mem_access en Xen 4.1.x para 32 bits y 4.1.x hasta 4.4.x para 64 bits permiten a administradores locales invitados causar una denegaci\u00f3n de servicio (consumo de CPU) mediante el aprovechamiento del acceso a ciertos dominios de servicio para invitados de HVM y una entrada grande."
    }
  ],
  "id": "CVE-2014-2599",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-28T15:55:08.890",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-3006"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/25/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/25/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/66407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1029956"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-89.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/25/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/25/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/66407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-89.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.