Upstream information
Description
Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having low severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 1.9 |
| Vector | AV:L/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Note from the SUSE Security Team on the xen package
This issue likely only affects the XEN hypervisor itself, unless otherwise stated. The userland utilities in -tools and libraries in -libs are shipped together with the xen hypervisor as they are built from one source and do not contain hypervisor-specific fixes.
SUSE Bugzilla entry: 876091 [RESOLVED / UPSTREAM]
No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Mon May 19 20:16:46 2014
CVE page last modified: Mon Oct 6 18:20:59 2025