Vulnerabilities > CVE-2014-9066 - Code vulnerability in multiple products

CVSS 4.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

xen

opensuse

CWE-17

nessus

NVD

Published: 2014-12-09

Updated: 2018-10-30

Summary

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.

Vulnerable Configurations

Part	Description	Count
OS	Xen XEN XEN - XEN XEN 3.0.2 XEN XEN 3.0.3 XEN XEN 3.0.4 XEN XEN 3.1.3 XEN XEN 3.1.4 XEN XEN 3.2.0 XEN XEN 3.2.1 XEN XEN 3.2.2 XEN XEN 3.2.3 XEN XEN 3.3.0 XEN XEN 3.3.1 XEN XEN 3.3.2 XEN XEN 3.4.0 XEN XEN 3.4.1 XEN XEN 3.4.2 XEN XEN 3.4.3 XEN XEN 3.4.4 XEN XEN 4.0.0 XEN XEN 4.0.1 XEN XEN 4.0.2 XEN XEN 4.0.3 XEN XEN 4.0.4 XEN XEN 4.1.0 XEN XEN 4.1.1 XEN XEN 4.1.2 XEN XEN 4.1.3 XEN XEN 4.1.4 XEN XEN 4.1.5 XEN XEN 4.1.6 XEN XEN 4.1.6.1 XEN XEN 4.2.0 XEN XEN 4.2.1 XEN XEN 4.2.2 XEN XEN 4.2.3 XEN XEN 4.2.4 XEN XEN 4.2.5 XEN XEN 4.3.0 XEN XEN 4.3.1 XEN XEN 4.3.2 XEN XEN 4.3.3 XEN XEN 4.3.4 XEN XEN 4.4.0 XEN XEN 4.4.1	78
OS	Opensuse Opensuse Opensuse 13.1 Opensuse Opensuse 13.2	2

Common Weakness Enumeration (CWE)

CWE-17 - Code

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-0613-1.NASL
description	The XEN hypervisor received updates to fix various security issues and bugs. The following security issues were fixed : - CVE-2015-2151: XSA-123: A hypervisor memory corruption due to x86 emulator flaw. - CVE-2015-2045: XSA-122: Information leak through version information hypercall. - CVE-2015-2044: XSA-121: Information leak via internal x86 system device emulation. - CVE-2015-2152: XSA-119: HVM qemu was unexpectedly enabling emulated VGA graphics backends. - CVE-2014-3615: Information leakage when guest sets high graphics resolution. - CVE-2015-0361: XSA-116: A xen crash due to use after free on hvm guest teardown. - CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation. Also the following bugs were fixed : - bnc#919098 - XEN blktap device intermittently fails to connect - bnc#882089 - Windows 2012 R2 fails to boot up with greater than 60 vcpus - bnc#903680 - Problems with detecting free loop devices on Xen guest startup - bnc#861318 - xentop reports
last seen	2020-06-01
modified	2020-06-02
plugin id	83707
published	2015-05-20
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83707
title	SUSE SLED12 / SLES12 Security Update : Xen (SUSE-SU-2015:0613-1)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201504-04.NASL
description	The remote host is affected by the vulnerability described in GLSA-201504-04 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly cause a Denial of Service condition or obtain sensitive information. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	82734
published	2015-04-13
reporter	This script is Copyright (C) 2015 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/82734
title	GLSA-201504-04 : Xen: Multiple vulnerabilities

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2015-0004.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0004 for details.
last seen	2020-06-01
modified	2020-06-02
plugin id	80928
published	2015-01-23
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/80928
title	OracleVM 3.3 : xen (OVMSA-2015-0004)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-0744-1.NASL
description	The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : XSA-125: Long latency MMIO mapping operations were not preemptible. CVE-2015-2151: XSA-123: Instructions with register operands ignored eventual segment overrides encoded for them. Due to an insufficiently conditional assignment such a bogus segment override could have, however, corrupted a pointer used subsequently to store the result of the instruction. CVE-2015-2045: XSA-122: The code handling certain sub-operations of the HYPERVISOR_xen_version hypercall failed to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. CVE-2015-2044: XSA-121: Emulation routines in the hypervisor dealing with certain system devices checked whether the access size by the guest is a supported one. When the access size is unsupported these routines failed to set the data to be returned to the guest for read accesses, so that hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	83717
published	2015-05-20
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83717
title	SUSE SLES10 Security Update : Xen (SUSE-SU-2015:0744-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-129.NASL
description	The XEN virtualization was updated to fix bugs and security issues : Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling CVE-2014-8867: XSA-112: xen: Insufficient bounding of
last seen	2020-06-05
modified	2015-02-12
plugin id	81305
published	2015-02-12
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/81305
title	openSUSE Security Update : xen (openSUSE-2015-129)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-113.NASL
description	The virtualization software XEN was updated to version 4.3.3 and also to fix bugs and security issues. Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling CVE-2014-8867: XSA-112: xen: Insufficient bounding of
last seen	2020-06-05
modified	2015-02-09
plugin id	81239
published	2015-02-09
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/81239
title	openSUSE Security Update : xen (openSUSE-2015-113)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References