CVE-2014-7154

Published: Oct 2, 2014Modified: May 6, 2026

6.1

Vector

AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 6.5 / Impact: 6.9

Source: NVD

Description

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.

Affected (21)

Products: Fedoraproject: Fedora · Debian: Debian Linux · Xen: Xen · +1 more

Show all products

Fedoraproject: Fedora · Debian: Debian Linux · Xen: Xen · Opensuse: Opensuse

1 product

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 19
Fedoraproject Fedora	Version 20

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Configuration C

16 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	Version 4.1.0
Xen Xen	Version 4.1.1
Xen Xen	Version 4.1.2
Xen Xen	Version 4.1.3
Xen Xen	Version 4.1.4
Xen Xen	Version 4.1.5
Xen Xen	Version 4.1.6.1
Xen Xen	Version 4.2.0
Xen Xen	Version 4.2.1
Xen Xen	Version 4.2.2
Xen Xen	Version 4.2.3
Xen Xen	Version 4.3.0
Xen Xen	Version 4.3.1
Xen Xen	Version 4.4.0
Xen Xen	Version 4.4.0 rc1
Xen Xen	Version 4.4.1

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (20)

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/61501

Source: cve@mitre.org

http://secunia.com/advisories/61890

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-201412-42.xml

Source: cve@mitre.org

http://www.debian.org/security/2014/dsa-3041

Source: cve@mitre.org

Third Party Advisory

http://www.securitytracker.com/id/1030887

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-104.html

Source: cve@mitre.org

PatchVendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/61501

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61890

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201412-42.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-3041

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securitytracker.com/id/1030887

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-104.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.