Affected configuration(s):
cpe:/o:xen:xen:4.1.5
cpe:/o:xen:xen:4.1.6.1
cpe:/o:xen:xen:4.2.2
cpe:/o:xen:xen:4.2.3
cpe:/o:xen:xen:4.3.0
cpe:/o:xen:xen:4.3.1
Date published: 2014-01-26T11:58:11.650-05:00
Date last modified: 2017-11-14T21:29:03.767-05:00
CVSS Score: 8.3
Principal attack vector: ADJACENT_NETWORK
Complexity: LOW
Reference URL: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html
Summary: The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.