Vulnerabilities > CVE-2014-7154 - Race Condition vulnerability in multiple products
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 | |
| OS | 1 | |
| OS | 16 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2014-11271.NASL description Race condition in HVMOP_track_dirty_vram [XSA-104] (#1145736) Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105] (#1145737) Missing privilege level checks in x86 emulation of software interrupts [XSA-106] (#1145738) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-09-29 plugin id 77933 published 2014-09-29 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77933 title Fedora 21 : xen-4.4.1-4.fc21 (2014-11271) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-11271. # include("compat.inc"); if (description) { script_id(77933); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-7154", "CVE-2014-7155", "CVE-2014-7156"); script_bugtraq_id(59982, 70055, 70057, 70062); script_xref(name:"FEDORA", value:"2014-11271"); script_name(english:"Fedora 21 : xen-4.4.1-4.fc21 (2014-11271)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Race condition in HVMOP_track_dirty_vram [XSA-104] (#1145736) Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105] (#1145737) Missing privilege level checks in x86 emulation of software interrupts [XSA-106] (#1145738) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140254" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140266" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140271" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/139234.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c19aca6b" ); script_set_attribute(attribute:"solution", value:"Update the affected xen package."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC21", reference:"xen-4.4.1-4.fc21")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-42.NASL description The remote host is affected by the vulnerability described in GLSA-201412-42 (Xen: Denial of Service) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A local user could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 80263 published 2014-12-29 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80263 title GLSA-201412-42 : Xen: Denial of Service code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201412-42. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(80263); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2015/04/13 14:33:56 $"); script_cve_id("CVE-2014-7154", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188"); script_bugtraq_id(70055, 70057, 70062, 70198); script_xref(name:"GLSA", value:"201412-42"); script_name(english:"GLSA-201412-42 : Xen: Denial of Service"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201412-42 (Xen: Denial of Service) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A local user could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201412-42" ); script_set_attribute( attribute:"solution", value: "All xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.2.5-r1' All xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.3.3-r3'" ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/xen", unaffected:make_list("rge 4.2.5-r1", "ge 4.3.3-r3"), vulnerable:make_list("lt 4.3.3-r3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-580.NASL description XEN was updated to fix security issues and bugs. Security issues fixed : - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#875668 - CVE-2014-3124: XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created - bnc#878841 - CVE-2014-3967, CVE-2014-3968: XSA-96: Xen: Vulnerabilities in HVM MSI injection - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed : - bnc#896023 - Adjust xentop column layout - bnc#820873 - The last seen 2020-06-05 modified 2014-10-10 plugin id 78117 published 2014-10-10 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78117 title openSUSE Security Update : xen (openSUSE-SU-2014:1281-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-580. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(78117); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-4344", "CVE-2013-4540", "CVE-2014-3124", "CVE-2014-3967", "CVE-2014-3968", "CVE-2014-4021", "CVE-2014-7154", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188"); script_name(english:"openSUSE Security Update : xen (openSUSE-SU-2014:1281-1)"); script_summary(english:"Check for the openSUSE-2014-580 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "XEN was updated to fix security issues and bugs. Security issues fixed : - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#875668 - CVE-2014-3124: XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created - bnc#878841 - CVE-2014-3967, CVE-2014-3968: XSA-96: Xen: Vulnerabilities in HVM MSI injection - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed : - bnc#896023 - Adjust xentop column layout - bnc#820873 - The 'long' option doesn't work with 'xl list' - bnc#882127 - Xen kernel panics on booting SLES12 Beta 8 - bnc#865682 - Local attach support for PHY backends using scripts - bnc#798770 - Improve multipath support for npiv devices" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=798770" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820873" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=842006" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=864801" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=865682" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=875668" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=878841" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=880751" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=882127" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=895798" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=895799" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=895802" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=896023" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=897657" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-10/msg00010.html" ); script_set_attribute(attribute:"solution", value:"Update the affected xen packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"xen-debugsource-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-devel-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-debuginfo-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-debuginfo-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-doc-html-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-32bit-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-debuginfo-4.3.2_02-27.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3041.NASL description Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. last seen 2020-03-17 modified 2014-10-02 plugin id 78027 published 2014-10-02 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78027 title Debian DSA-3041-1 : xen - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1710-1.NASL description xen was updated to fix 14 security issues : - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). - Insufficient bounding of last seen 2020-06-05 modified 2015-05-20 plugin id 83654 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83654 title SUSE SLES11 Security Update : xen (SUSE-SU-2014:1710-1) NASL family Fedora Local Security Checks NASL id FEDORA_2014-12000.NASL description Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] Race condition in HVMOP_track_dirty_vram [XSA-104] (#1145736) Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105] (#1145737) Missing privilege level checks in x86 emulation of software interrupts [XSA-106] (#1145738) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-10-12 plugin id 78375 published 2014-10-12 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78375 title Fedora 19 : xen-4.2.5-3.fc19 (2014-12000) NASL family SuSE Local Security Checks NASL id SUSE_11_XEN-201409-141002.NASL description The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues. The following security issues have been fixed : - XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation. (bnc#897657) - XSA-106: CVE-2014-7156: Missing privilege level checks in x86 emulation of software interrupts. (bnc#895802) - XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation. (bnc#895799) - XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram. (bnc#895798) - XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests. (bnc#880751) - XSA-96: CVE-2014-3967 / CVE-2014-3968: Vulnerabilities in HVM MSI injection. (bnc#878841) - XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible. (bnc#867910) - XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow. (bnc#842006) - qemu: zaurus: buffer overrun on invalid state load (bnc#864801) The following non-security issues have been fixed:. (CVE-2013-4540) - xend: Fix netif convertToDeviceNumber for running domains. (bnc#891539) - Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in the VM. (bnc#882092) - XEN kernel panic do_device_not_available(). (bnc#881900) - Boot Failure with xen kernel in UEFI mode with error last seen 2020-06-05 modified 2014-10-23 plugin id 78652 published 2014-10-23 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78652 title SuSE 11.3 Security Update : Xen (SAT Patch Number 9828) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-579.NASL description XEN was updated to fix various bugs and security issues. Security issues fixed : - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#878841 - CVE-2014-3967,CVE-2014-3968: XSA-96: Vulnerabilities in HVM MSI injection - bnc#867910 - CVE-2014-2599: XSA-89: HVMOP_set_mem_access is not preemptible - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed : - bnc#896023 - Adjust xentop column layout - bnc#891539 - xend: fix netif convertToDeviceNumber for running domains - bnc#820873 - The last seen 2020-06-05 modified 2014-10-10 plugin id 78116 published 2014-10-10 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78116 title openSUSE Security Update : xen (openSUSE-SU-2014:1279-1) NASL family Fedora Local Security Checks NASL id FEDORA_2014-12036.NASL description Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] Race condition in HVMOP_track_dirty_vram [XSA-104] (#1145736) Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105] (#1145737) Missing privilege level checks in x86 emulation of software interrupts [XSA-106] (#1145738) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-10-12 plugin id 78376 published 2014-10-12 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78376 title Fedora 20 : xen-4.3.3-3.fc20 (2014-12036) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1732-1.NASL description xen was updated to fix 10 security issues : - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). - Insufficient bounding of last seen 2020-06-05 modified 2015-05-20 plugin id 83659 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83659 title SUSE SLES11 Security Update : xen (SUSE-SU-2014:1732-1)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
- http://secunia.com/advisories/61501
- http://secunia.com/advisories/61890
- http://security.gentoo.org/glsa/glsa-201412-42.xml
- http://www.debian.org/security/2014/dsa-3041
- http://www.securitytracker.com/id/1030887
- http://xenbits.xen.org/xsa/advisory-104.html