Computer Security


Xen buffer overflow
Published: 15.05.2014
Source:
SecurityVulns ID: 13779
Type: local
Threat Level: 5/10
Description: Buffer overflow on guest system kernel image loading.
Affected: XEN : Xen 4.4
CVE: CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.)
 CVE-2014-3716 (Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.)
 CVE-2014-3715 (Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.)
 CVE-2014-3714 (The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow.)
Original document: XEN, [oss-security] Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM (15.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod