Lucene search
Xen ProjectXSA-87HistoryJan 23, 2014 - 5:38 p.m.
PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests
2014-01-2317:38:00
Xen Project
xenbits.xen.org
13
0.004 Low
EPSS
Percentile
72.9%
ISSUE DESCRIPTION
The PHYSDEVOP_{prepare,release}_msix operations are supposed to be available to privileged guests (domain 0 in non-disaggregated setups) only, but the necessary privilege check was missing.
IMPACT
Malicious or misbehaving unprivileged guests can cause the host or other guests to malfunction. This can result in host-wide denial of service. Privilege escalation, while seeming to be unlikely, cannot be excluded.
VULNERABLE SYSTEMS
Xen 4.1.5 and 4.1.6.1 as well as 4.2.2 and later are vulnerable. Xen 4.2.1 and 4.2.0 as well as 4.1.4 and earlier are not vulnerable.
Only PV guests can take advantage of this vulnerability.
Related
prion
prion
Design/Logic Flaw
2014-01-26 16:58:00
cve
cve
CVE-2014-1666
2014-01-26 16:58:11
cvelist
cvelist
CVE-2014-1666
2014-01-26 11:00:00
ubuntucve
ubuntucve
CVE-2014-1666
2014-01-26 00:00:00
debiancve
debiancve
CVE-2014-1666
2014-01-26 16:58:11
nessus
nessus
Fedora 20 : xen-4.3.1-8.fc20 (2014-1552)
2014-02-03 00:00:00
Fedora 19 : xen-4.2.3-14.fc19 (2014-1559)
2014-02-03 00:00:00
Citrix XenServer Multiple Vulnerabilities (CTX200288)
2014-12-05 00:00:00
openvas
openvas
Citrix XenServer Multiple Security Updates (CTX200288)
2014-12-18 00:00:00
SUSE: Security Advisory for Xen (SUSE-SU-2014:0372-1)
2015-10-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:0372-1)
2021-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: xen-4.3.1-8.fc20
2014-02-03 02:43:51
[SECURITY] Fedora 20 Update: xen-4.3.1-9.fc20
2014-02-16 23:21:24
[SECURITY] Fedora 20 Update: xen-4.3.2-1.fc20
2014-03-02 03:45:00
suse
suse
Security update for Xen (important)
2014-03-14 00:04:13
Security update for Xen (important)
2014-03-14 00:06:40
gentoo
gentoo
Xen: Multiple Vunlerabilities
2014-07-16 00:00:00