Vulnerability CVE-2014-2599

Vulnerability Name:

CVE-2014-2599 (CCN-92101)

Assigned:

2014-03-25

Published:

2014-03-25

Updated:

2017-01-07

Summary:

The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2014-2599

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:1279

Source: CCN
Type: oss-security Mailing List, Tue 25 Mar 2014
Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible

Source: GENTOO
Type: UNKNOWN
GLSA-201407-03

Source: DEBIAN
Type: UNKNOWN
DSA-3006

Source: MLIST
Type: UNKNOWN
[oss-security] 20140325 Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible

Source: MLIST
Type: UNKNOWN
[oss-security] 20140325 Re: Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible

Source: BID
Type: UNKNOWN
66407

Source: CCN
Type: BID-66407
Xen '/hvm/hvm.c' Remote Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1029956

Source: CONFIRM
Type: Patch, Vendor Advisory
http://xenbits.xen.org/xsa/advisory-89.html

Source: CCN
Type: XSA-89
HVMOP_set_mem_access is not preemptible

Source: XF
Type: UNKNOWN
xen-cve20142599-dos(92101)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-2599

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:4.1.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.0:*:*:*:x86:*:*:*

OR cpe:/o:xen:xen:4.1.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.1:*:*:*:x86:*:*:*

OR cpe:/o:xen:xen:4.1.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.2:*:*:*:x86:*:*:*

OR cpe:/o:xen:xen:4.1.3:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.3:*:*:*:x86:*:*:*

OR cpe:/o:xen:xen:4.1.4:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.4:*:*:*:x86:*:*:*

OR cpe:/o:xen:xen:4.1.5:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.5:*:*:*:x86:*:*:*

OR cpe:/o:xen:xen:4.1.6.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.6.1:*:*:*:x86:*:*:*

OR cpe:/o:xen:xen:4.2.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.2.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.2.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.2.3:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.3.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.3.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.3.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.4.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20142599	V	CVE-2014-2599	2022-05-20
oval:org.opensuse.security:def:34673	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:26218	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:30285	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:55978	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:34596	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:29447	P	Security update for postgresql96 (Important)	2021-11-22
oval:org.opensuse.security:def:56090	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:26161	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:33995	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:57521	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:26143	P	Security update for curl (Moderate)	2021-10-11
oval:org.opensuse.security:def:31688	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:26132	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:26131	P	Security update for xen (Moderate)	2021-09-21
oval:org.opensuse.security:def:34539	P	Security update for postgresql13 (Moderate)	2021-09-16
oval:org.opensuse.security:def:32160	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:56052	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:33951	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:55221	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:31650	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:26080	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:33927	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:30211	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:42734	P	xen-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36327	P	xen-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36582	P	xen-devel-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32103	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:30200	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:30199	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:34441	P	Security update for libX11 (Moderate)	2021-05-26
oval:org.opensuse.security:def:29361	P	Security update for the Linux Kernel (Important)	2021-05-17
oval:org.opensuse.security:def:55886	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:33888	P	Security update for fwupdate (Important)	2021-04-08
oval:org.opensuse.security:def:26207	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:33782	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:34633	P	Security update for tomcat (Moderate)	2021-02-19
oval:org.opensuse.security:def:32247	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:57447	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:33625	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:55778	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:32011	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:28858	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:35699	P	freeradius-server-2.1.1-7.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35740	P	libarchive2-2.5.5-5.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:29946	P	Security update for python3 (Important)	2020-12-02
oval:org.opensuse.security:def:54648	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33385	P	Security update for compat-openssl097g (Moderate)	2020-12-01
oval:org.opensuse.security:def:26708	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28127	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:34209	P	Security update for perl-PlRPC (Moderate)	2020-12-01
oval:org.opensuse.security:def:26335	P	security update for go (Low)	2020-12-01
oval:org.opensuse.security:def:29589	P	Security update for apache2-mod_python	2020-12-01
oval:org.opensuse.security:def:26461	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:29230	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:34903	P	Security update for dhcpcd (Important)	2020-12-01
oval:org.opensuse.security:def:26907	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31805	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27091	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29902	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:25888	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26746	P	libfreebl3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30805	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:32547	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27409	P	gimp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30417	P	Security update for xorg-x11-libXfixes	2020-12-01
oval:org.opensuse.security:def:26594	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27875	P	Security update for rubygem-activesupport	2020-12-01
oval:org.opensuse.security:def:54647	P	pcsc-ccid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33250	P	rsync on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26557	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28088	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:31012	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:29504	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29161	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34845	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26863	P	apache2-mod_jk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31794	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:27038	P	sysstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29884	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25877	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26665	P	acpid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30650	P	Security update for Image Magick	2020-12-01
oval:org.opensuse.security:def:32508	P	expat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35061	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27408	P	ghostscript-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33537	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26555	P	glib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27237	P	mailman on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33171	P	libpixman-1-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28039	P	Security update for crash (Low)	2020-12-01
oval:org.opensuse.security:def:30968	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:33290	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27694	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:27325	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29150	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:55048	P	yast2-users on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34686	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:26849	P	zoo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28823	P	Security update for python-setuptools	2020-12-01
oval:org.opensuse.security:def:31793	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:34305	P	Security update for quagga (Moderate)	2020-12-01
oval:org.opensuse.security:def:26887	P	ed on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29845	P	Security update for Kernel	2020-12-01
oval:org.opensuse.security:def:56171	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25876	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:26537	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30563	P	Security update for pixman	2020-12-01
oval:org.opensuse.security:def:32459	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:35017	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:26506	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27193	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30621	P	Security update for xen	2020-12-01
oval:org.opensuse.security:def:33160	P	libmpfr1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27986	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:30948	P	Recommended update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:33251	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27612	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:55493	P	Security update for webkitgtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:27290	P	shim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29149	P	Security update for libcdio (Low)	2020-12-01
oval:org.opensuse.security:def:54810	P	imobiledevice-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26810	P	pure-ftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28185	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34221	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26803	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29796	P	Security update for hplip	2020-12-01
oval:org.opensuse.security:def:26473	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32403	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:34991	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:27580	P	xen-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26453	P	Security update for kauth (Moderate)	2020-12-01
oval:org.opensuse.security:def:27179	P	libdrm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30584	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:33159	P	liblzo2-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27835	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:30909	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32613	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27484	P	libsndfile-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55327	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33839	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:26652	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54670	P	rpcbind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33480	P	Security update for libneon	2020-12-01
oval:org.opensuse.security:def:26761	P	libpulse-browse0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28141	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:34210	P	Security update for perl-XML-LibXML (Important)	2020-12-01
oval:org.opensuse.security:def:26416	P	Security update for nginx (Moderate)	2020-12-01
oval:org.opensuse.security:def:29742	P	Security update for fuse (Moderate)	2020-12-01
oval:org.opensuse.security:def:26462	P	Security update for Mozilla Thunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:34952	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:27545	P	python-imaging on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31879	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26302	P	Security update for python-PyYAML (Moderate)	2020-12-01
oval:org.opensuse.security:def:27140	P	gstreamer-0_10-plugins-base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25952	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27751	P	Security update for giflib (Moderate)	2020-12-01
oval:org.opensuse.security:def:30860	P	Security update for e2fsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:32569	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27420	P	imlib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30506	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:26608	P	libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27910	P	Security update for Xen	2020-12-01
oval:org.mitre.oval:def:28083	P	SUSE-SU-2014:1318-1 -- Security update for Xen (moderate)	2014-12-29
oval:org.mitre.oval:def:26366	P	DSA-3006-1 xen - security update	2014-10-27
oval:org.opensuse.security:def:80155	P	Security update for Xen	2014-10-02
oval:com.ubuntu.precise:def:20142599000	V	CVE-2014-2599 on Ubuntu 12.04 LTS (precise) - medium.	2014-03-28
oval:com.ubuntu.trusty:def:20142599000	V	CVE-2014-2599 on Ubuntu 14.04 LTS (trusty) - medium.	2014-03-28

BACK