CVE-2014-3968 - OpenCVE

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:S/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Xen	Xen
Opensuse	Opensuse

Configuration 1 [-]

OR	cpe:2.3:o:xen:xen:4.3.0:::::::*
	cpe:2.3:o:xen:xen:4.3.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:xen:xen:4.2.0:::::::*
	cpe:2.3:o:xen:xen:4.2.1:::::::*
	cpe:2.3:o:xen:xen:4.2.2:::::::*
	cpe:2.3:o:xen:xen:4.2.3:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:xen:xen:4.4.0:::::::*
	cpe:2.3:o:xen:xen:4.4.0:rc1::::::

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
http://www.openwall.com/lists/oss-security/2014/06/04/13
http://www.securityfocus.com/bid/67794
http://www.securityfocus.com/bid/67824
http://www.securitytracker.com/id/1030322
http://xenbits.xen.org/xsa/advisory-96.html	Patch Vendor Advisory
https://security.gentoo.org/glsa/201504-04

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-06-05T20:00:00

Updated: 2016-12-20T16:57:01

Reserved: 2014-06-04T00:00:00

Link: CVE-2014-3968

JSON object: View

NVD Information

Status : Modified

Published: 2014-06-05T20:55:06.580

Modified: 2018-10-30T16:27:34.687

Link: CVE-2014-3968

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-03T00:00:00", "descriptions": [{"lang": "en", "value": "The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201504-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201504-04"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-96.html"}, {"name": "openSUSE-SU-2014:1281", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"}, {"name": "openSUSE-SU-2014:1279", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"}, {"name": "67824", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67824"}, {"name": "FEDORA-2014-7423", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html"}, {"name": "FEDORA-2014-7408", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html"}, {"name": "1030322", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030322"}, {"name": "67794", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67794"}, {"name": "[oss-security] 20140604 Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/06/04/13"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3968", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201504-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-04"}, {"name": "http://xenbits.xen.org/xsa/advisory-96.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-96.html"}, {"name": "openSUSE-SU-2014:1281", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"}, {"name": "openSUSE-SU-2014:1279", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"}, {"name": "67824", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67824"}, {"name": "FEDORA-2014-7423", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html"}, {"name": "FEDORA-2014-7408", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html"}, {"name": "1030322", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030322"}, {"name": "67794", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67794"}, {"name": "[oss-security] 20140604 Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/04/13"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3968", "datePublished": "2014-06-05T20:00:00", "dateReserved": "2014-06-04T00:00:00", "dateUpdated": "2016-12-20T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CF23B21B-594A-42E2-AF90-D5C4246B39A4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged."}, {"lang": "es", "value": "La funci\u00f3n HVMOP_inject_msi en Xen 4.2.x, 4.3.x y 4.4.x permite a administradores locales invitados causar una denegaci\u00f3n de servicio (ca\u00edda de anfitri\u00f3n) a trav\u00e9s de un n\u00famero grande de solicitudes manipuladas, lo que provoca que se registra un mensaje de error."}], "id": "CVE-2014-3968", "lastModified": "2018-10-30T16:27:34.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-05T20:55:06.580", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/06/04/13"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67794"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67824"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1030322"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-96.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201504-04"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}