CVE-2014-1666

Published: 26 January 2014

The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.

Priority

Medium

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.3.0-1ubuntu5)
Patches:
Upstream: http://lists.xen.org/archives/html/xen-announce/2014-01/binN_xKsqoA99.bin (4.1)
Upstream: http://lists.xen.org/archives/html/xen-announce/2014-01/binHrWzvLfvyZ.bin (4.2)
Upstream: http://lists.xen.org/archives/html/xen-announce/2014-01/bincsu1bNEm7A.bin (4.3)
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian
Upstream Ignored
(reached end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Binaries built from this source package are in Universe and so are supported by the community.