CVE-2014-3124 - OpenCVE

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:A/AC:L/Au:S/C:P/I:P/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Xen	Xen

Configuration 1 [-]

OR	cpe:2.3:o:xen:xen:4.1.0:::::::*
	cpe:2.3:o:xen:xen:4.1.1:::::::*
	cpe:2.3:o:xen:xen:4.1.2:::::::*
	cpe:2.3:o:xen:xen:4.1.3:::::::*
	cpe:2.3:o:xen:xen:4.1.4:::::::*
	cpe:2.3:o:xen:xen:4.1.5:::::::*
	cpe:2.3:o:xen:xen:4.1.6.1:::::::*
	cpe:2.3:o:xen:xen:4.2.0:::::::*
	cpe:2.3:o:xen:xen:4.2.1:::::::*
	cpe:2.3:o:xen:xen:4.2.2:::::::*
	cpe:2.3:o:xen:xen:4.2.3:::::::*
	cpe:2.3:o:xen:xen:4.3.0:::::::*
	cpe:2.3:o:xen:xen:4.3.1:::::::*
	cpe:2.3:o:xen:xen:4.4.0:::::::*
	cpe:2.3:o:xen:xen:4.4.0:rc1::::::

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133191.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://www.debian.org/security/2014/dsa-3006
http://www.openwall.com/lists/oss-security/2014/04/29/1
http://www.openwall.com/lists/oss-security/2014/04/30/10
http://www.securityfocus.com/bid/67113
http://www.securitytracker.com/id/1030160
http://xenbits.xen.org/xsa/advisory-92.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-05-07T10:00:00

Updated: 2017-01-04T17:57:01

Reserved: 2014-04-29T00:00:00

Link: CVE-2014-3124

JSON object: View

NVD Information

Status : Modified

Published: 2014-05-07T10:55:07.213

Modified: 2018-10-30T16:26:53.700

Link: CVE-2014-3124

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-29T00:00:00", "descriptions": [{"lang": "en", "value": "The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "openSUSE-SU-2014:1281", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"}, {"name": "[oss-security] 20140429 Xen Security Advisory 92 - HVMOP_set_mem_type allows invalid P2M entries to be created", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/04/29/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-92.html"}, {"name": "FEDORA-2014-5915", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html"}, {"name": "GLSA-201407-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"}, {"name": "FEDORA-2014-5941", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133191.html"}, {"name": "67113", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67113"}, {"name": "[oss-security] 20140430 Re: Xen Security Advisory 92 - HVMOP_set_mem_type allows invalid P2M entries to be created", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/04/30/10"}, {"name": "DSA-3006", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3006"}, {"name": "1030160", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030160"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3124", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2014:1281", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"}, {"name": "[oss-security] 20140429 Xen Security Advisory 92 - HVMOP_set_mem_type allows invalid P2M entries to be created", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/04/29/1"}, {"name": "http://xenbits.xen.org/xsa/advisory-92.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-92.html"}, {"name": "FEDORA-2014-5915", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html"}, {"name": "GLSA-201407-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"}, {"name": "FEDORA-2014-5941", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133191.html"}, {"name": "67113", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67113"}, {"name": "[oss-security] 20140430 Re: Xen Security Advisory 92 - HVMOP_set_mem_type allows invalid P2M entries to be created", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/04/30/10"}, {"name": "DSA-3006", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3006"}, {"name": "1030160", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030160"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3124", "datePublished": "2014-05-07T10:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2017-01-04T17:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D532B60-C8DD-4A2F-9D05-E574D23EB754", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D83CA8B-8E49-45FA-8FAB-C15052474542", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "27537DF5-7E0F-463F-BA87-46E329EE07AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EA4F978-9145-4FE6-B4F9-15207E52C40A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "22A995FD-9B7F-4DF0-BECF-4B086E470F1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "219597E2-E2D7-4647-8A7C-688B96300158", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "65E55950-EACA-4209-B2A1-E09026FC6006", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CF23B21B-594A-42E2-AF90-D5C4246B39A4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types."}, {"lang": "es", "value": "El control HVMOP_set_mem_type en Xen 4.1 hasta 4.4.x permite a administradores HVM locales invitados causar una denegaci\u00f3n de servicio (ca\u00edda de hipervisor) o posiblemente ejecutar c\u00f3digo arbitrario mediante el aprovechamiento de una vulnerabilidad qemu-dm diferente para provocar traducciones de tablas de p\u00e1ginas invalidas para tipos de p\u00e1gina de memoria no especificados."}], "id": "CVE-2014-3124", "lastModified": "2018-10-30T16:26:53.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-07T10:55:07.213", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133191.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-3006"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/04/29/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/04/30/10"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67113"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1030160"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-92.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}