Candidate: CVE-2014-1896
PublicDate: 2014-04-01 06:35:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1896
 http://lists.xen.org/archives/html/xen-announce/2014-02/msg00004.html
Description:
 The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allow local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."
Ubuntu-Description:
Notes:
 mdeslaur> This is XSA-86
 mdeslaur> libvchan not packaged in Ubuntu.
 mdeslaur> 4.2+ only
Bugs:
Priority: low
Discovered-by: Marek Marczykowski-Górecki
Assigned-to:
CVSS:

Patches_xen-3.3:
upstream_xen-3.3: ignored (reached end-of-life)
lucid_xen-3.3: not-affected
precise_xen-3.3: DNE
quantal_xen-3.3: DNE
saucy_xen-3.3: DNE
devel_xen-3.3: DNE

Patches_xen:
upstream_xen: needs-triage
lucid_xen: DNE
precise_xen: not-affected
quantal_xen: not-affected
saucy_xen: released (4.3.0-1ubuntu1.3)
devel_xen: released (4.3.0-1ubuntu5)