Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-1642

Опубликовано: 23 янв. 2014
Источник: redhat
CVSS2: 6.5
EPSS Низкий

Описание

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.

Отчет

Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 as we did not have support for Xen hypervisor.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernel-xenNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=1057140xen: out-of-memory condition yielding memory corruption during IRQ setup

EPSS

Процентиль: 39%
0.00178
Низкий

6.5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-1642

ubuntu
около 12 лет назад

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.

nvd логотип

CVE-2014-1642

nvd
около 12 лет назад

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.

debian логотип

CVE-2014-1642

debian
около 12 лет назад

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough an ...

github логотип

GHSA-gjr7-r3wr-cjpp

github
больше 3 лет назад

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.

EPSS

Процентиль: 39%
0.00178
Низкий

6.5 Medium

CVSS2