CVE-2014-1894 : Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is ena

Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893.

Published 2014-04-01 06:35:54

Updated 2017-01-07 02:59:45

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2014-1894

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-1894

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.2	MEDIUM	AV:A/AC:M/Au:S/C:N/I:N/A:C	4.4	6.9	NIST
Access Vector: Adjacent Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2014-1894

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1894

http://www.openwall.com/lists/oss-security/2014/02/10/8

oss-security - Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2014/02/07/12

oss-security - Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-201407-03.xml

Xen: Multiple Vunlerabilities (GLSA 201407-03) — Gentoo security

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

[security-announce] SUSE-SU-2014:0446-1: important: Security update for

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html

[security-announce] SUSE-SU-2014:0373-1: important: Security update for

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html

[security-announce] SUSE-SU-2014:0372-1: important: Security update for

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2014/02/07/4

oss-security - Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls

CVEs referencing this url
http://xenbits.xen.org/xsa/advisory-84.html

XSA-84 - Xen Security Advisories
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2014-1894

XEN » XEN
Versions up to, including, (<=) 3.2.3
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.1.4
cpe:2.3:o:xen:xen:3.1.4:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.2.1
cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.2.2
cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.0.2
cpe:2.3:o:xen:xen:3.0.2:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.0.3
cpe:2.3:o:xen:xen:3.0.3:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.0.4
cpe:2.3:o:xen:xen:3.0.4:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.1.3
cpe:2.3:o:xen:xen:3.1.3:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.2.0
cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-1894

Exploit prediction scoring system (EPSS) score for CVE-2014-1894

CVSS scores for CVE-2014-1894

CWE ids for CVE-2014-1894

References for CVE-2014-1894

Products affected by CVE-2014-1894