Executive Summary

Informations
Name CVE-2014-7188 First vendor Publication 2014-10-02
Vendor Cve Last vendor Modification 2018-10-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 8.3 Attack Range Adjacent network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 6.5 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26783
 
Oval ID: oval:org.mitre.oval:def:26783
Title: DSA-3041-1 xen - security update
Description: Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.
Family: unix Class: patch
Reference(s): DSA-3041-1
CVE-2013-2072
CVE-2014-7154
CVE-2014-7155
CVE-2014-7156
CVE-2014-7188
 Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
 Product(s): xen
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28083
 
Oval ID: oval:org.mitre.oval:def:28083
Title: SUSE-SU-2014:1318-1 -- Security update for Xen (moderate)
Description: The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues. The following security issues have been fixed: * XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation (bnc#897657) * XSA-106: CVE-2014-7156: Missing privilege level checks in x86 emulation of software interrupts (bnc#895802) * XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (bnc#895799) * XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram (bnc#895798) * XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests (bnc#880751) * XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI injection (bnc#878841) * XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible (bnc#867910) * XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow (bnc#842006) * CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load (bnc#864801) The following non-security issues have been fixed: * xend: Fix netif convertToDeviceNumber for running domains (bnc#891539) * Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in the VM (bnc#882092) * XEN kernel panic do_device_not_available() (bnc#881900) * Boot Failure with xen kernel in UEFI mode with error "No memory for trampoline" (bnc#833483) * SLES 11 SP3 vm-install should get RHEL 7 support when released (bnc#862608) * SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480 cpu) (bnc#858178) * Local attach support for PHY backends using scripts local_attach_support_for_phy.patch (bnc#865682) * Improve multipath support for npiv devices block-npiv (bnc#798770) Security Issues: * CVE-2013-4344 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344> * CVE-2013-4540 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4540> * CVE-2014-2599 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599> * CVE-2014-3967 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3967> * CVE-2014-3968 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3968> * CVE-2014-4021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021> * CVE-2014-7154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7154> * CVE-2014-7155 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7155> * CVE-2014-7156 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7156> * CVE-2014-7188 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1318-1
CVE-2013-4344
CVE-2013-4540
CVE-2014-2599
CVE-2014-3967
CVE-2014-3968
CVE-2014-4021
CVE-2014-7154
CVE-2014-7155
CVE-2014-7156
CVE-2014-7188
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
 Product(s): Xen
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 16

Nessus® Vulnerability Scanner

Date Description
2015-06-12 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1710-1.nasl - Type : ACT_GATHER_INFO
2014-12-29 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-42.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0025.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0026.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xen-201409-141002.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12000.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12036.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-579.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-580.nasl - Type : ACT_GATHER_INFO
2014-10-09 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12002.nasl - Type : ACT_GATHER_INFO
2014-10-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3041.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/70198
CONFIRM http://support.citrix.com/article/CTX200218
http://support.citrix.com/article/CTX201794
http://xenbits.xen.org/xsa/advisory-108.html
DEBIAN http://www.debian.org/security/2014/dsa-3041
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140199...
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418...
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483...
GENTOO http://security.gentoo.org/glsa/glsa-201412-42.xml
MISC http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf
SECTRACK http://www.securitytracker.com/id/1030936
SECUNIA http://secunia.com/advisories/61664
http://secunia.com/advisories/61858
http://secunia.com/advisories/61890
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/96785

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Date Informations
2021-05-04 12:33:54
  • Multiple Updates
2021-04-22 01:41:03
  • Multiple Updates
2020-05-23 00:42:15
  • Multiple Updates
2018-10-31 00:20:39
  • Multiple Updates
2017-09-08 09:23:09
  • Multiple Updates
2017-04-10 09:24:22
  • Multiple Updates
2017-01-03 09:22:55
  • Multiple Updates
2016-12-08 09:23:32
  • Multiple Updates
2016-06-29 00:39:21
  • Multiple Updates
2016-04-27 01:12:24
  • Multiple Updates
2015-06-13 13:27:56
  • Multiple Updates
2015-05-21 13:31:41
  • Multiple Updates
2014-12-30 13:25:05
  • Multiple Updates
2014-12-07 09:26:24
  • Multiple Updates
2014-12-03 09:27:34
  • Multiple Updates
2014-11-27 13:28:37
  • Multiple Updates
2014-11-14 13:29:06
  • Multiple Updates
2014-10-24 13:28:43
  • Multiple Updates
2014-10-24 13:25:37
  • Multiple Updates
2014-10-16 13:27:09
  • Multiple Updates
2014-10-13 13:24:45
  • Multiple Updates
2014-10-11 13:26:26
  • Multiple Updates
2014-10-10 13:25:53
  • Multiple Updates
2014-10-03 17:24:31
  • Multiple Updates
2014-10-03 13:27:22
  • Multiple Updates
2014-10-02 21:27:09
  • First insertion