All errata/sisyphus/ALT-PU-2014-2061-1
ALT-PU-2014-2061-1

Package update xen in branch sisyphus

Version4.4.1-alt1
Task#128919
Published2014-09-03
Max severityMEDIUM
Severity:

Closed issues (4)

CVE-2014-4611
MEDIUM5.0

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.

Published: 2014-07-03Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2014-5146
MEDIUM4.7

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.

Published: 2014-08-22Modified: 2025-04-12
CVSS 2.0MEDIUM 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
References
CVE-2014-5147
MEDIUM4.3

Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.

Published: 2014-08-29Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:A/AC:H/Au:S/C:N/I:N/A:C
References
CVE-2014-5148
MEDIUM4.6

Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.

Published: 2014-10-26Modified: 2025-04-12
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P
References