CVE-2014-1896CVE-2014-1896

Affected configuration(s):

cpe:/o:xen:xen:4.2.0
cpe:/o:xen:xen:4.2.1
cpe:/o:xen:xen:4.2.2
cpe:/o:xen:xen:4.2.3
cpe:/o:xen:xen:4.3.0
cpe:/o:xen:xen:4.3.1
cpe:/o:xen:xen:4.4.0:rc1

Date published: 2014-04-01T02:35:53.607-04:00

Date last modified: 2017-01-06T21:59:45.063-05:00

CVSS Score: 4.9

Principal attack vector: ADJACENT_NETWORK

Complexity:  MEDIUM

Reference URL: http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html

Summary: The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a “read or write past the end of the ring.”

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.