CVE-2014-5148
Published: 26 October 2014
Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.
Notes
Author | Note |
---|---|
mdeslaur | arm-specific |
Priority
Status
Package | Release | Status |
---|---|---|
xen Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
trusty |
Released
(4.4.1-0ubuntu0.14.04.3)
|
|
upstream |
Released
(4.4.1)
|
|
utopic |
Released
(4.4.1-0ubuntu0.14.10.3)
|
|
Patches: upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binx0pYpwsgmd.bin |
||
Binaries built from this source package are in Universe and so are supported by the community. | ||
xen-3.3 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
utopic |
Does not exist
|
|
Binaries built from this source package are in Universe and so are supported by the community. |