| Summary: | <app-emulation/xen-4.4.0-r6: Flaw in handling unknown system register access from 64-bit userspace on ARM (XSA-103) (CVE-2014-5148) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | xen |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2014/08/12/3 | | |
| Whiteboard: | ~1 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-08-13 09:09:56 UTC
Fixed in app-emulation/xen-4.4.0-r6, vulnerable version has been cleaned, and I'm closing this bug. Thanks.

CVE-2014-5148 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5148): Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.