CVE-2014-5146

Published: Aug 22, 2014Modified: May 6, 2026

4.7

Vector

AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitability: 3.4 / Impact: 6.9

Source: NVD

Description

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.

Affected (9)

Products: Opensuse: Opensuse · Xen: Xen

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	Version 4.2.0
Xen Xen	Version 4.2.1
Xen Xen	Version 4.2.2
Xen Xen	Version 4.2.3
Xen Xen	Version 4.3.0
Xen Xen	Version 4.3.1
Xen Xen	Version 4.4.0

Related CWEs

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136980.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136981.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/69198

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1030723

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-97.html

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95234

Source: cve@mitre.org

https://security.gentoo.org/glsa/201504-04

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136980.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136981.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/69198

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1030723

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-97.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95234

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201504-04

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.