CVE-2014-8594

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
opensuseopensuse
13.1
opensuseopensuse
13.2
debiandebian_linux
7.0
xenxen
4.0.0
xenxen
4.0.1
xenxen
4.0.2
xenxen
4.0.3
xenxen
4.0.4
xenxen
4.1.0
xenxen
4.1.1
xenxen
4.1.2
xenxen
4.1.3
xenxen
4.1.4
xenxen
4.1.5
xenxen
4.1.6.1
xenxen
4.2.0
xenxen
4.2.1
xenxen
4.2.2
xenxen
4.2.3
xenxen
4.3.0
xenxen
4.3.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
utopic
Fixed 4.4.1-0ubuntu0.14.10.2
released
trusty
Fixed 4.4.1-0ubuntu0.14.04.2
released
precise
Fixed 4.1.6.1-0ubuntu0.12.04.4
released
lucid
dne
xen-3.3
utopic
dne
trusty
dne
precise
dne
lucid
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
http://secunia.com/advisories/62672
http://www.debian.org/security/2015/dsa-3140
http://www.securityfocus.com/bid/71149
http://xenbits.xen.org/xsa/advisory-109.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/98767
https://security.gentoo.org/glsa/201504-04
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
http://secunia.com/advisories/62672
http://www.debian.org/security/2015/dsa-3140
http://www.securityfocus.com/bid/71149
http://xenbits.xen.org/xsa/advisory-109.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/98767
https://security.gentoo.org/glsa/201504-04