| Summary: | app-emulation/xen-{4.2.4-r2,4.3.2-r2,4.4.0-r2}: Hardware features unintentionally exposed to guests on ARM (XSA-93) (CVE-2014-2915) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | xen |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2014/04/22/9 | | |
| Whiteboard: | ~3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-04-22 15:44:35 UTC
CVE-2014-2915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2915): Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.

Bug fixed in versions, and only ARCH=arm affected (see comments in bug 509054 for more details):

xen-4.4.0-r2
xen-4.3.2-r2
xen-4.2.4-r2

Maintainer(s), thank you for cleanup!

No GLSA needed as there are no stable versions for ARM.