| Errata ID | 218 |
|---|---|
| Date | 2014-10-13 |
| Source package | xen-4.1 |
| Fixed in version | 4.1.3-16.41.201410101644 |
| Description | There were multiple security issues discovered in Xen: * Information leak through outs instruction emulation (CVE-2013-4368) * use-after-free in xc_cpupool_getinfo() (CVE-2014-1950) * Denial of service in HVMOP_set_mem_access() (CVE-2014-2599) * Denial of service in HVMOP_set_mem_type() (CVE-2014-3124) * Hypervisor heap contents leaked to guests (CVE-2014-4021) * Denial of service in HVMOP_track_dirty_vram() (CVE-2014-7154) * Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (CVE-2014-7155) * Missing privilege level checks in x86 emulation of software interrupts (CVE-2014-7156) * Improper MSR range used for x2APIC emulation (CVE-2014-7188) |
| Additional notes | |
| CVE ID | CVE-2013-4368 CVE-2014-1950 CVE-2014-2599 CVE-2014-3124 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 |
| UCS Bug number | #34115 |
