CVE-2014-8595

arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
debiandebian_linux
7.0
xenxen
3.2.1
xenxen
3.2.2
xenxen
3.2.3
xenxen
3.3.0
xenxen
3.3.1
xenxen
3.3.2
xenxen
3.4.0
xenxen
3.4.1
xenxen
3.4.2
xenxen
3.4.3
xenxen
3.4.4
xenxen
4.0.0
xenxen
4.0.1
xenxen
4.0.2
xenxen
4.0.3
xenxen
4.0.4
xenxen
4.1.0
xenxen
4.1.1
xenxen
4.1.2
xenxen
4.1.3
xenxen
4.1.4
xenxen
4.1.5
xenxen
4.1.6.1
xenxen
4.2.0
xenxen
4.2.1
xenxen
4.2.2
xenxen
4.2.3
xenxen
4.3.0
xenxen
4.3.1
xenxen
4.4.0
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
vivid
Fixed 4.4.1-3ubuntu2
released
utopic
Fixed 4.4.1-0ubuntu0.14.10.2
released
trusty
Fixed 4.4.1-0ubuntu0.14.04.2
released
precise
Fixed 4.1.6.1-0ubuntu0.12.04.4
released
lucid
dne
xen-3.3
vivid
dne
utopic
dne
trusty
dne
precise
dne
lucid
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
http://secunia.com/advisories/62537
http://secunia.com/advisories/62672
http://support.citrix.com/article/CTX200288
http://support.citrix.com/article/CTX201794
http://www.debian.org/security/2015/dsa-3140
http://www.securityfocus.com/bid/71151
http://xenbits.xen.org/xsa/advisory-110.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/98768
https://security.gentoo.org/glsa/201504-04
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
http://secunia.com/advisories/62537
http://secunia.com/advisories/62672
http://support.citrix.com/article/CTX200288
http://support.citrix.com/article/CTX201794
http://www.debian.org/security/2015/dsa-3140
http://www.securityfocus.com/bid/71151
http://xenbits.xen.org/xsa/advisory-110.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/98768
https://security.gentoo.org/glsa/201504-04