Description
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.
References (12)
Core 12
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0783.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201504-04
Permissions Required, Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62672
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX201794
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX200288
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3140
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
Vendor Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
Patch, Vendor Advisory x_refsource_confirm
http://xenbits.xenproject.org/xsa/advisory-112.html
Permissions Required, Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59949
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/71331
Scores
EPSS
0.0013
EPSS Percentile
31.4%
Details
CWE
CWE-17
Status
published
Products (11)
debian/debian_linux
7.0
opensuse/opensuse
13.1
opensuse/opensuse
13.2
redhat/enterprise_linux
5.0
redhat/enterprise_linux_desktop
5.0
xen/xen
3.2.1
xen/xen
3.2.2
xen/xen
3.2.3
xen/xen
4.4.0
xen/xen
4.4.1
... and 1 more
Published
Dec 01, 2014
Tracked Since
Feb 18, 2026