CVE-2014-7154 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.1 UNKNOWN	ADJACENT_NETWORK	LOW		AV:A/AC:L/Au:N/C:N/I:N/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Affected Products (NVD)

Vendor	Product	Version
debian	debian_linux	7.0
xen	xen	4.1.0
xen	xen	4.1.1
xen	xen	4.1.2
xen	xen	4.1.3
xen	xen	4.1.4
xen	xen	4.1.5
xen	xen	4.1.6.1
xen	xen	4.2.0
xen	xen	4.2.1
xen	xen	4.2.2
xen	xen	4.2.3
xen	xen	4.3.0
xen	xen	4.3.1
xen	xen	4.4.0
xen	xen	4.4.0:rc1
xen	xen	4.4.1
opensuse	opensuse	12.3
opensuse	opensuse	13.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xen

bookworm	4.17.3+10-g091466ba55-1~deb12u1 fixed
bullseye	4.14.6-1 fixed
bullseye (security)	4.14.5+94-ge49571868d-1 fixed
sid	4.17.3+36-g54dacb5c02-1 fixed
trixie	4.17.3+36-g54dacb5c02-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

xen

lucid	dne
precise	Fixed 4.1.6.1-0ubuntu0.12.04.3 released
trusty	Fixed 4.4.0-0ubuntu5.2 released
utopic	Fixed 4.4.0-0ubuntu8 released

xen-3.3

lucid	not-affected
precise	dne
trusty	dne
utopic	dne

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html

http://secunia.com/advisories/61501

http://secunia.com/advisories/61890

http://security.gentoo.org/glsa/glsa-201412-42.xml

http://www.debian.org/security/2014/dsa-3041

http://www.securitytracker.com/id/1030887

http://xenbits.xen.org/xsa/advisory-104.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html

http://secunia.com/advisories/61501

http://secunia.com/advisories/61890

http://security.gentoo.org/glsa/glsa-201412-42.xml

http://www.debian.org/security/2014/dsa-3041

http://www.securitytracker.com/id/1030887

http://xenbits.xen.org/xsa/advisory-104.html