Back to search
CVE-2014-1666
Published: Jan 26, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
102536
vdb-entry
x_refsource_OSVDB
65125
vdb-entry
x_refsource_BID
xen-cve20141666-priv-esc(90675)
vdb-entry
x_refsource_XF
SUSE-SU-2014:0373
vendor-advisory
x_refsource_SUSE
FEDORA-2014-1552
vendor-advisory
x_refsource_FEDORA
http://support.citrix.com/article/CTX200288
x_refsource_CONFIRM
GLSA-201407-03
vendor-advisory
x_refsource_GENTOO
FEDORA-2014-1559
vendor-advisory
x_refsource_FEDORA
1029684
vdb-entry
x_refsource_SECTRACK
SUSE-SU-2014:0372
vendor-advisory
x_refsource_SUSE
http://xenbits.xen.org/xsa/advisory-87.html
x_refsource_CONFIRM
56650
third-party-advisory
x_refsource_SECUNIA
http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now