CVE-2014-5146

Published: 22 August 2014

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.

Priority

Medium

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
Patches:
Upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binBl1EttLmuf.bin (4.2 p1)
Upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binf523qdXfzv.bin (4.2 p2)
Upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binsyOajrhEHl.bin (4.3)
Upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binLdj60kEVFy.bin (4.4)
Upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binKv_7vEST9M.bin (unstable)
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian
Upstream Ignored
(reached end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Binaries built from this source package are in Universe and so are supported by the community.