Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-1895

Опубликовано: 06 фев. 2014
Источник: redhat
CVSS2: 5
EPSS Низкий

Описание

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

Отчет

Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 as we did not have support for Xen hypervisor.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernel-xenNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-193
https://bugzilla.redhat.com/show_bug.cgi?id=1062329xen: Off-by-one error in FLASK_AVC_CACHESTAT hypercall (xsa-85)

EPSS

Процентиль: 29%
0.00105
Низкий

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-1895

ubuntu
почти 12 лет назад

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

nvd логотип

CVE-2014-1895

nvd
почти 12 лет назад

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

debian логотип

CVE-2014-1895

debian
почти 12 лет назад

Off-by-one error in the flask_security_avc_cachestats function in xsm/ ...

github логотип

GHSA-h86q-v7x4-qx4x

github
больше 3 лет назад

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

EPSS

Процентиль: 29%
0.00105
Низкий

5 Medium

CVSS2