Lucene search

PRIOn knowledge basePRION:CVE-2014-5149

HistoryAug 22, 2014 - 2:55 p.m.

Design/Logic Flaw

2014-08-2214:55:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

24.6%

JSON

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.

CPENameOperatorVersion
opensuseeq13.1
opensuseeq13.2
xeneq4.2.2
xeneq4.2.3
xeneq4.3.0
xeneq4.2.0
xeneq4.3.1
xeneq4.2.1
xeneq4.4.0

Name	Operator	Version
opensuse	eq	13.1
opensuse	eq	13.2
xen	eq	4.2.2
xen	eq	4.2.3
xen	eq	4.3.0
xen	eq	4.2.0
xen	eq	4.3.1
xen	eq	4.2.1
xen	eq	4.4.0

References

lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html

www.securityfocus.com/bid/69199

www.securitytracker.com/id/1030723

xenbits.xen.org/xsa/advisory-97.html

exchange.xforce.ibmcloud.com/vulnerabilities/95235

lists.fedoraproject.org/pipermail/package-announce/2014-August/136980.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136981.html

security.gentoo.org/glsa/201504-04

6.3 Medium

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

24.6%

JSON

Related for PRION:CVE-2014-5149