CVE-2014-5146
Published: 22 August 2014
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.
Notes
Author | Note |
---|---|
mdeslaur | Original patch got reverted in git because of regressions. Be careful when fixing. |
Priority
Status
Package | Release | Status |
---|---|---|
xen Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(4.1.6.1-0ubuntu0.12.04.6)
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Needed
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Not vulnerable
|
|
Patches: upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binBl1EttLmuf.bin (4.2 p1) upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binf523qdXfzv.bin (4.2 p2) upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binsyOajrhEHl.bin (4.3) upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binLdj60kEVFy.bin (4.4) upstream: http://lists.xen.org/archives/html/xen-announce/2014-08/binKv_7vEST9M.bin (unstable) |
||
Binaries built from this source package are in Universe and so are supported by the community. | ||
xen-3.3 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
Binaries built from this source package are in Universe and so are supported by the community. |