CVE-2014-5148
Published: 26 October 2014
Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.
Notes
| Author | Note |
|---|---|
| mdeslaur | arm-specific |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
xen Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| trusty |
Released
(4.4.1-0ubuntu0.14.04.3)
|
|
| upstream |
Released
(4.4.1)
|
|
| utopic |
Released
(4.4.1-0ubuntu0.14.10.3)
|
|
|
Patches: upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binx0pYpwsgmd.bin |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||
|
xen-3.3 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(end of life)
|
|
| utopic |
Does not exist
|
|
| Binaries built from this source package are in Universe and so are supported by the community. | ||