Vulnerability CVE-2014-3125: Information

Description

Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.

Severity: MEDIUM (6.2)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-3125
Published: May 2, 2014
Modified: Oct. 30, 2018
Error type identifier: CWE-264

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
xenp104.4.0-alt74.14.1-alt2ALT-PU-2014-1616-1119591Fixed
xenp94.4.0-alt74.10.3-alt1ALT-PU-2014-1616-1119591Fixed
xenc10f14.4.0-alt74.14.1-alt2ALT-PU-2014-1616-1119591Fixed
xenc9f24.4.0-alt74.10.3-alt1ALT-PU-2014-1616-1119591Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
1030184
    http://xenbits.xen.org/xsa/advisory-91.html
    • Patch
    • Vendor Advisory
    [oss-security] 20140430 Re: Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM
      67157
        [oss-security] 20140430 Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM
          58347
          • Vendor Advisory

            1. Configuration 1

              cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*
              cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.0
          Back to top