CVE-2014-5147

Published: 29 August 2014

Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.

Priority

Medium

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
Upstream
Released (4.4.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [4.4.1-0ubuntu0.14.04.3])
Patches:
Upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binz34cHFpwik.bin (4.4 p1)
Upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binkMuZJNJa_J.bin (4.4 p2)
Upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binm2gYJJrZSx.bin (4.4 p3)
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian
Upstream Ignored
(reached end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Binaries built from this source package are in Universe and so are supported by the community.