CVE-2014-1666CVE-2014-1666

Affected configuration(s):

cpe:/o:xen:xen:4.1.5
cpe:/o:xen:xen:4.1.6.1
cpe:/o:xen:xen:4.2.2
cpe:/o:xen:xen:4.2.3
cpe:/o:xen:xen:4.3.0
cpe:/o:xen:xen:4.3.1

Date published: 2014-01-26T11:58:11.650-05:00

Date last modified: 2017-11-14T21:29:03.767-05:00

CVSS Score: 8.3

Principal attack vector: ADJACENT_NETWORK

Complexity:  LOW

Reference URL: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html

Summary: The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.