Novell Home

CVE-2014-1950

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-1950 at MITRE

Description

Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.

NVD CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 861256

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP2 LTSS
  • xen-kmp-default >= 4.1.6_06_3.0.101_0.7.17-0.5.1
  • xen-kmp-pae >= 4.1.6_06_3.0.101_0.7.17-0.5.1
  • xen-kmp-trace >= 4.1.6_06_3.0.101_0.7.17-0.5.1
  • xen-libs >= 4.1.6_06-0.5.1
  • xen-tools-domU >= 4.1.6_06-0.5.1
Builds
SAT Patch Nr: 8964
SUSE Linux Enterprise Server 11 SP2 LTSS
  • xen >= 4.1.6_06-0.5.1
  • xen-doc-html >= 4.1.6_06-0.5.1
  • xen-doc-pdf >= 4.1.6_06-0.5.1
  • xen-kmp-default >= 4.1.6_06_3.0.101_0.7.17-0.5.1
  • xen-kmp-trace >= 4.1.6_06_3.0.101_0.7.17-0.5.1
  • xen-libs >= 4.1.6_06-0.5.1
  • xen-libs-32bit >= 4.1.6_06-0.5.1
  • xen-tools >= 4.1.6_06-0.5.1
  • xen-tools-domU >= 4.1.6_06-0.5.1
Builds
SAT Patch Nr: 8964
SUSE Linux Enterprise Software Development Kit 11 SP3
  • xen-devel >= 4.2.4_02-0.7.1
Builds
SAT Patch Nr: 8973
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
  • xen-kmp-default >= 4.2.4_02_3.0.101_0.15-0.7.1
  • xen-kmp-pae >= 4.2.4_02_3.0.101_0.15-0.7.1
  • xen-libs >= 4.2.4_02-0.7.1
  • xen-tools-domU >= 4.2.4_02-0.7.1
Builds
SAT Patch Nr: 8973
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
  • xen >= 4.2.4_02-0.7.1
  • xen-doc-html >= 4.2.4_02-0.7.1
  • xen-doc-pdf >= 4.2.4_02-0.7.1
  • xen-kmp-default >= 4.2.4_02_3.0.101_0.15-0.7.1
  • xen-libs >= 4.2.4_02-0.7.1
  • xen-libs-32bit >= 4.2.4_02-0.7.1
  • xen-tools >= 4.2.4_02-0.7.1
  • xen-tools-domU >= 4.2.4_02-0.7.1
Builds
SAT Patch Nr: 8973

© 2014 Novell