CVE-2014-2599

Xen 4.1.x-4.4.x - Denial of Service via HVMOP_set_mem_access

Title source: llm
STIX 2.1

Description

The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.

References (8)

Core 8
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/03/25/2
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201407-03.xml
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/03/25/1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3006
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66407
Patch, Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-89.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029956

Scores

EPSS 0.0008
EPSS Percentile 22.4%

Details

CWE
CWE-20
Status published
Products (15)
xen/xen 4.1.0 (2 CPE variants)
xen/xen 4.1.1 (2 CPE variants)
xen/xen 4.1.2 (2 CPE variants)
xen/xen 4.1.3 (2 CPE variants)
xen/xen 4.1.4 (2 CPE variants)
xen/xen 4.1.5 (2 CPE variants)
xen/xen 4.1.6.1 (2 CPE variants)
xen/xen 4.2.0
xen/xen 4.2.1
xen/xen 4.2.2
... and 5 more
Published Mar 28, 2014
Tracked Since Feb 18, 2026