CVE-2014-8595 - Code vulnerability in multiple products
Metric | Value |
---|---|
Attack vector | LOCAL |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |

Summary
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 1 |
OS | Xen | 30 |
OS | | 2 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2014-15521.NASL
  - description: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn
  - last seen: 2020-03-17
  - modified: 2014-12-02
  - plugin id: 79652
  - published: 2014-12-02
  - reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/79652
  - title: Fedora 20 : xen-4.3.3-5.fc20 (2014-15521)
- NASL family: Gentoo Local Security Checks
  - NASL id: GENTOO_GLSA-201504-04.NASL
  - description: The remote host is affected by the vulnerability described in GLSA-201504-04 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly cause a Denial of Service condition or obtain sensitive information. Workaround : There is no known workaround at this time.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 82734
  - published: 2015-04-13
  - reporter: This script is Copyright (C) 2015 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/82734
  - title: GLSA-201504-04 : Xen: Multiple vulnerabilities
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2014-1691-1.NASL
  - description: Xen has been updated to fix six security issues : - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). - Insufficient bounding of
  - last seen: 2020-06-05
  - modified: 2015-05-20
  - plugin id: 83651
  - published: 2015-05-20
  - reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/83651
  - title: SUSE SLES10 Security Update : Xen (SUSE-SU-2014:1691-1)
- NASL family: OracleVM Local Security Checks
  - NASL id: ORACLEVM_OVMSA-2015-0004.NASL
  - description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0004 for details.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 80928
  - published: 2015-01-23
  - reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/80928
  - title: OracleVM 3.3 : xen (OVMSA-2015-0004)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2014-15503.NASL
  - description: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn
  - last seen: 2020-03-17
  - modified: 2014-12-02
  - plugin id: 79651
  - published: 2014-12-02
  - reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/79651
  - title: Fedora 19 : xen-4.2.5-5.fc19 (2014-15503)
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2014-1710-1.NASL
  - description: xen was updated to fix 14 security issues : - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). - Insufficient bounding of
  - last seen: 2020-06-05
  - modified: 2015-05-20
  - plugin id: 83654
  - published: 2015-05-20
  - reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/83654
  - title: SUSE SLES11 Security Update : xen (SUSE-SU-2014:1710-1)
- NASL family: Misc.
  - NASL id: CITRIX_XENSERVER_CTX200288.NASL
  - description: The remote host is running a version of Citrix XenServer that is affected by multiple vulnerabilities : - A local privilege escalation vulnerability exists due to improperly restricted access to
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 79745
  - published: 2014-12-05
  - reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/79745
  - title: Citrix XenServer Multiple Vulnerabilities (CTX200288)
- NASL family: OracleVM Local Security Checks
  - NASL id: ORACLEVM_OVMSA-2018-0248.NASL
  - description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0248 for details.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 111992
  - published: 2018-08-20
  - reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/111992
  - title: OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)
- NASL family: OracleVM Local Security Checks
  - NASL id: ORACLEVM_OVMSA-2015-0096.NASL
  - description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0096 for details.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 85038
  - published: 2015-07-28
  - reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/85038
  - title: OracleVM 3.2 : xen (OVMSA-2015-0096)
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_11_XEN-11SP3-2014-11-26-141127.NASL
  - description: Xen has been updated to version 4.2.5 with additional patches to fix six security issues : - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling. (CVE-2014-9030) - Insufficient bounding of
  - last seen: 2020-06-05
  - modified: 2014-12-26
  - plugin id: 80254
  - published: 2014-12-26
  - reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/80254
  - title: SuSE 11.3 Security Update : Xen (SAT Patch Number 10018)
- NASL family: SuSE Local Security Checks
  - NASL id: OPENSUSE-2015-129.NASL
  - description: The XEN virtualization was updated to fix bugs and security issues : Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling CVE-2014-8867: XSA-112: xen: Insufficient bounding of
  - last seen: 2020-06-05
  - modified: 2015-02-12
  - plugin id: 81305
  - published: 2015-02-12
  - reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/81305
  - title: openSUSE Security Update : xen (openSUSE-2015-129)
- NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DSA-3140.NASL
  - description: Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. - CVE-2014-8594 Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may result in privilege escalation. - CVE-2014-8595 Jan Beulich discovered that missing privilege level checks in the x86 emulation of far branches may result in privilege escalation. - CVE-2014-8866 Jan Beulich discovered that an error in compatibility mode hypercall argument translation may result in denial of service. - CVE-2014-8867 Jan Beulich discovered that an insufficient restriction in acceleration support for the
  - last seen: 2020-03-17
  - modified: 2015-01-28
  - plugin id: 81027
  - published: 2015-01-28
  - reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/81027
  - title: Debian DSA-3140-1 : xen - security update
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2014-15951.NASL
  - description: Excessive checking in compatibility mode hypercall argument translation, Insufficient bounding of
  - last seen: 2020-03-17
  - modified: 2014-12-15
  - plugin id: 79902
  - published: 2014-12-15
  - reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/79902
  - title: Fedora 21 : xen-4.4.1-9.fc21 (2014-15951)
- NASL family: SuSE Local Security Checks
  - NASL id: OPENSUSE-2015-113.NASL
  - description: The virtualization software XEN was updated to version 4.3.3 and also to fix bugs and security issues. Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling CVE-2014-8867: XSA-112: xen: Insufficient bounding of
  - last seen: 2020-06-05
  - modified: 2015-02-09
  - plugin id: 81239
  - published: 2015-02-09
  - reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/81239
  - title: openSUSE Security Update : xen (openSUSE-2015-113)
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2014-1732-1.NASL
  - description: xen was updated to fix 10 security issues : - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). - Insufficient bounding of
  - last seen: 2020-06-05
  - modified: 2015-05-20
  - plugin id: 83659
  - published: 2015-05-20
  - reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/83659
  - title: SUSE SLES11 Security Update : xen (SUSE-SU-2014:1732-1)
References
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
- http://secunia.com/advisories/62537
- http://secunia.com/advisories/62672
- http://support.citrix.com/article/CTX200288
- http://support.citrix.com/article/CTX201794
- http://www.debian.org/security/2015/dsa-3140
- http://www.securityfocus.com/bid/71151
- http://xenbits.xen.org/xsa/advisory-110.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98768
- https://security.gentoo.org/glsa/201504-04