CVE-2014-3967 - OpenCVE

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:S/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Xen	Xen
Opensuse	Opensuse

Configuration 1 [-]

OR	cpe:2.3:o:xen:xen:4.2.0:::::::*
	cpe:2.3:o:xen:xen:4.2.1:::::::*
	cpe:2.3:o:xen:xen:4.2.2:::::::*
	cpe:2.3:o:xen:xen:4.2.3:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:xen:xen:4.4.0:::::::*
	cpe:2.3:o:xen:xen:4.4.0:rc1::::::

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:xen:xen:4.3.0:::::::*
	cpe:2.3:o:xen:xen:4.3.1:::::::*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
http://www.openwall.com/lists/oss-security/2014/06/04/13
http://www.securityfocus.com/bid/67794
http://www.securitytracker.com/id/1030322
http://xenbits.xen.org/xsa/advisory-96.html	Patch Vendor Advisory
https://security.gentoo.org/glsa/201504-04

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-06-05T20:00:00

Updated: 2016-12-20T16:57:01

Reserved: 2014-06-04T00:00:00

Link: CVE-2014-3967

JSON object: View

NVD Information

Status : Modified

Published: 2014-06-05T20:55:06.517

Modified: 2018-10-30T16:27:34.687

Link: CVE-2014-3967

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-03T00:00:00", "descriptions": [{"lang": "en", "value": "The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201504-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201504-04"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-96.html"}, {"name": "openSUSE-SU-2014:1281", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"}, {"name": "openSUSE-SU-2014:1279", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"}, {"name": "FEDORA-2014-7423", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html"}, {"name": "FEDORA-2014-7408", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html"}, {"name": "1030322", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030322"}, {"name": "67794", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67794"}, {"name": "[oss-security] 20140604 Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/06/04/13"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3967", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201504-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-04"}, {"name": "http://xenbits.xen.org/xsa/advisory-96.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-96.html"}, {"name": "openSUSE-SU-2014:1281", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"}, {"name": "openSUSE-SU-2014:1279", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"}, {"name": "FEDORA-2014-7423", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html"}, {"name": "FEDORA-2014-7408", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html"}, {"name": "1030322", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030322"}, {"name": "67794", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67794"}, {"name": "[oss-security] 20140604 Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/04/13"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3967", "datePublished": "2014-06-05T20:00:00", "dateReserved": "2014-06-04T00:00:00", "dateUpdated": "2016-12-20T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CF23B21B-594A-42E2-AF90-D5C4246B39A4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors."}, {"lang": "es", "value": "La funci\u00f3n HVMOP_inject_msi en Xen 4.2.x, 4.3.x y 4.4.x no comprueba debidamente el valor de retorno de la comprobaci\u00f3n de configuraciones IRQ, lo que permite a administradores locales invitados de HVM causar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda) a trav\u00e9s de vectores no especificados."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\n\n\"CWE-476: NULL Pointer Dereference\"", "id": "CVE-2014-3967", "lastModified": "2018-10-30T16:27:34.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-05T20:55:06.517", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/06/04/13"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67794"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1030322"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-96.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201504-04"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}