Upstream information
Description
Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having low severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 3.3 |
| Vector | AV:L/AC:M/Au:N/C:P/I:N/A:P |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | Partial |
Note from the SUSE Security Team on the xen package
This issue likely only affects the XEN hypervisor itself, unless otherwise stated. The userland utilities in -tools and libraries in -libs are shipped together with the xen hypervisor as they are built from one source and do not contain hypervisor specific fixes.
SUSE Bugzilla entry: 876091 [RESOLVED / UPSTREAM]
No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Mon May 19 20:16:46 2014
CVE page last modified: Mon Oct 6 18:20:59 2025