Novell Home

CVE-2014-1895

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-1895 at MITRE

Description

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

NVD CVSS v2 Base Score: 5.8 (AV:A/AC:M/Au:S/C:P/I:N/A:C)

Novell/SUSE information

Novell Bugzilla entry: 860165

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP3
  • xen-devel >= 4.2.4_02-0.7.1
Builds
SAT Patch Nr: 8973
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
  • xen-kmp-default >= 4.2.4_02_3.0.101_0.15-0.7.1
  • xen-kmp-pae >= 4.2.4_02_3.0.101_0.15-0.7.1
  • xen-libs >= 4.2.4_02-0.7.1
  • xen-tools-domU >= 4.2.4_02-0.7.1
Builds
SAT Patch Nr: 8973
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
  • xen >= 4.2.4_02-0.7.1
  • xen-doc-html >= 4.2.4_02-0.7.1
  • xen-doc-pdf >= 4.2.4_02-0.7.1
  • xen-kmp-default >= 4.2.4_02_3.0.101_0.15-0.7.1
  • xen-libs >= 4.2.4_02-0.7.1
  • xen-libs-32bit >= 4.2.4_02-0.7.1
  • xen-tools >= 4.2.4_02-0.7.1
  • xen-tools-domU >= 4.2.4_02-0.7.1
Builds
SAT Patch Nr: 8973

© 2014 Novell