CVE-2014-6268

Xen 4.4.x - Denial of Service via Uninitialized Event Channel Control Block

Title source: llm
STIX 2.1

Description

The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030829
Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-107.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95837
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69753

Scores

EPSS 0.0007
EPSS Percentile 20.8%

Details

CWE
CWE-399
Status published
Products (2)
xen/xen 4.4.0 (2 CPE variants)
xen/xen 4.4.1
Published Jan 12, 2015
Tracked Since Feb 18, 2026