Summary: | <app-emulation/xen-{4.2.4-r2,4.3.2-r2,4.4.0-r2}: ARM hypervisor crash on guest interrupt controller access (XSA-94) (CVE-2014-2986) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | xen |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/04/23/3 | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-04-23 14:06:33 UTC
CVE-2014-2986 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2986): The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors. bug fixed in versions, and only ARCH=arm affected, (see comments in bug 509054 for more details) xen-4.4.0-r2 xen-4.3.2-r2 xen-4.2.4-r2 Arches and Mainter(s), Thank you for your work. Added to an existing GLSA request. Sorry my mistake. No GLSA needed as there are no stable versions - arm only, no stable versions. |