CVE-2014-1642

Affected configuration(s):

cpe:/o:xen:xen:4.2.0
cpe:/o:xen:xen:4.2.1
cpe:/o:xen:xen:4.2.2
cpe:/o:xen:xen:4.2.3
cpe:/o:xen:xen:4.3.0
cpe:/o:xen:xen:4.3.1

Date published: 2014-01-26T11:58:11.620-05:00

Date last modified: 2017-08-28T21:34:26.747-04:00

CVSS Score: 4.4

Principal attack vector: LOCAL

Complexity: MEDIUM

Reference URL: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html

Summary: The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.
