CVE-2014-1666 - OpenCVE

The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Xen	Xen

Configuration 1 [-]

OR	cpe:2.3:o:xen:xen:4.1.5:::::::*
	cpe:2.3:o:xen:xen:4.1.6.1:::::::*
	cpe:2.3:o:xen:xen:4.2.2:::::::*
	cpe:2.3:o:xen:xen:4.2.3:::::::*
	cpe:2.3:o:xen:xen:4.3.0:::::::*
	cpe:2.3:o:xen:xen:4.3.1:::::::*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
http://osvdb.org/102536
http://secunia.com/advisories/56650	Vendor Advisory
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://support.citrix.com/article/CTX200288
http://www.openwall.com/lists/oss-security/2014/01/24/6
http://www.securityfocus.com/bid/65125
http://www.securitytracker.com/id/1029684
http://xenbits.xen.org/xsa/advisory-87.html
http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/90675

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-01-26T11:00:00

Updated: 2018-01-02T19:57:01

Reserved: 2014-01-24T00:00:00

Link: CVE-2014-1666

JSON object: View

NVD Information

Status : Modified

Published: 2014-01-26T16:58:11.650

Modified: 2018-01-03T02:29:08.337

Link: CVE-2014-1666

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-02T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "102536", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/102536"}, {"name": "65125", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65125"}, {"name": "xen-cve20141666-priv-esc(90675)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90675"}, {"name": "SUSE-SU-2014:0373", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html"}, {"name": "FEDORA-2014-1552", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX200288"}, {"name": "GLSA-201407-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"}, {"name": "FEDORA-2014-1559", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html"}, {"name": "[oss-security] 20140123 Xen Security Advisory 87 (CVE-2014-1666) - PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/01/24/6"}, {"name": "1029684", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029684"}, {"name": "SUSE-SU-2014:0372", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-87.html"}, {"name": "56650", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/56650"}, {"tags": ["x_refsource_MISC"], "url": "http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1666", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "102536", "refsource": "OSVDB", "url": "http://osvdb.org/102536"}, {"name": "65125", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65125"}, {"name": "xen-cve20141666-priv-esc(90675)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90675"}, {"name": "SUSE-SU-2014:0373", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html"}, {"name": "FEDORA-2014-1552", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html"}, {"name": "http://support.citrix.com/article/CTX200288", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX200288"}, {"name": "GLSA-201407-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"}, {"name": "FEDORA-2014-1559", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html"}, {"name": "[oss-security] 20140123 Xen Security Advisory 87 (CVE-2014-1666) - PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/01/24/6"}, {"name": "1029684", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029684"}, {"name": "SUSE-SU-2014:0372", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html"}, {"name": "http://xenbits.xen.org/xsa/advisory-87.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-87.html"}, {"name": "56650", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56650"}, {"name": "http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch", "refsource": "MISC", "url": "http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1666", "datePublished": "2014-01-26T11:00:00", "dateReserved": "2014-01-24T00:00:00", "dateUpdated": "2018-01-02T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "219597E2-E2D7-4647-8A7C-688B96300158", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "65E55950-EACA-4209-B2A1-E09026FC6006", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors."}, {"lang": "es", "value": "La funci\u00f3n do_physdev_op en Xen 4.1.5, 4.1.6.1, 4.2.2 hasta 4.2.3 y 4.3.x no restringe adecuadamente el acceso a las operaciones: (1) PHYSDEVOP_release_msix y (2) PHYSDEVOP_prepare_msix , lo que permite a los hu\u00e9spedes PV locales provocar una denegaci\u00f3n de servicio ( mal funcionamiento de host o invitado) o posiblemente obtener privilegios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-1666", "lastModified": "2018-01-03T02:29:08.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-26T16:58:11.650", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/102536"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56650"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"}, {"source": "cve@mitre.org", "url": "http://support.citrix.com/article/CTX200288"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/01/24/6"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65125"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1029684"}, {"source": "cve@mitre.org", "url": "http://xenbits.xen.org/xsa/advisory-87.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90675"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}