Fedora: DSA-5140-3 Critical: QEMU Security Flaw and Service Disruption
debian
January 27, 2015
Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation
Topics Covered
Summary
Multiple security issues have been discovered in the Xen virtualisation
solution which may result in denial of service, information disclosure
or privilege escalation.
CVE-2014-8594
Roger Pau Monne and Jan Beulich discovered that incomplete
restrictions on MMU update hypercalls may result in privilege
escalation.
CVE-2014-8595
Jan Beulich discovered that missing privilege level checks in the
x86 emulation of far branches may result in privilege escalation.
CVE-2014-8866
Jan Beulich discovered that an error in compatibility mode hypercall
argument translation may result in denial of service.
CVE-2014-8867
Jan Beulich discovered that an insufficient restriction in
acceleration support for the "REP MOVS" instruction may result in
denial of service.
CVE-2014-9030
Andrew Cooper discovered a page reference leak in MMU_MACHPHYS_UPDATE
handling, resulting in denial of service.
For the stable distribution (wheezy), these problems have been fixed in
version 4.1.4-3+...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: xen
CVE ID: CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!