Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-03-31 23:35
Updated : 2017-01-06 18:59
NVD link : CVE-2014-1895
Mitre link : CVE-2014-1895
JSON object : View
CWE
CWE-189
Numeric Errors
Products Affected
xen
- xen