CVE-2014-9030

EUVD-2014-8858
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
xenxen
3.2.0
xenxen
3.2.1
xenxen
3.2.2
xenxen
3.2.3
xenxen
3.3.0
xenxen
3.3.1
xenxen
3.3.2
xenxen
3.4.0
xenxen
3.4.1
xenxen
3.4.2
xenxen
3.4.3
xenxen
3.4.4
xenxen
4.0.0
xenxen
4.0.1
xenxen
4.0.2
xenxen
4.0.3
xenxen
4.0.4
xenxen
4.1.0
xenxen
4.1.1
xenxen
4.1.2
xenxen
4.1.3
xenxen
4.1.4
xenxen
4.1.5
xenxen
4.1.6.1
xenxen
4.2.0
xenxen
4.2.1
xenxen
4.2.2
xenxen
4.2.3
xenxen
4.3.0
xenxen
4.3.1
xenxen
4.4.0
xenxen
4.4.1
debiandebian_linux
7.0
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
lucid
dne
precise
Fixed 4.1.6.1-0ubuntu0.12.04.4
released
trusty
Fixed 4.4.1-0ubuntu0.14.04.2
released
utopic
Fixed 4.4.1-0ubuntu0.14.10.2
released
vivid
Fixed 4.5.0-1ubuntu1
released
xen-3.3
lucid
ignored
precise
dne
trusty
dne
utopic
dne
vivid
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
http://secunia.com/advisories/62672
http://www.debian.org/security/2015/dsa-3140
http://www.securityfocus.com/bid/71207
http://xenbits.xen.org/xsa/advisory-113.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/98853
https://security.gentoo.org/glsa/201504-04
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
http://secunia.com/advisories/62672
http://www.debian.org/security/2015/dsa-3140
http://www.securityfocus.com/bid/71207
http://xenbits.xen.org/xsa/advisory-113.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/98853
https://security.gentoo.org/glsa/201504-04