Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-04-01T01:00:00
Updated: 2024-08-06T09:58:15.560Z
Reserved: 2014-02-07T00:00:00
Link: CVE-2014-1895
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-04-01T06:35:53.577
Modified: 2024-11-21T02:05:13.880
Link: CVE-2014-1895
Redhat