Upstream information

CVE-2014-6268 at MITRE

Description

The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.9
Vector AV:L/AC:L/Au:N/C:N/I:N/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
SUSE Bugzilla entry: 895804

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • xen >= 4.4.1_06-2.2
  • xen-kmp-default >= 4.4.1_06_k3.12.28_4-2.2
  • xen-libs >= 4.4.1_06-2.2
  • xen-libs-32bit >= 4.4.1_06-2.2
 Patchnames:
SUSE Linux Enterprise Desktop 12 GA xen
SUSE Linux Enterprise Desktop 12 SP1
  • xen >= 4.5.1_12-2.3
  • xen-kmp-default >= 4.5.1_12_k3.12.49_11-2.3
  • xen-libs >= 4.5.1_12-2.3
  • xen-libs-32bit >= 4.5.1_12-2.3
 Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA xen
SUSE Linux Enterprise Desktop 12 SP2
  • xen >= 4.7.0_12-23.4
  • xen-libs >= 4.7.0_12-23.4
  • xen-libs-32bit >= 4.7.0_12-23.4
 Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA xen
SUSE Linux Enterprise Desktop 12 SP3
  • xen >= 4.9.0_08-2.2
  • xen-libs >= 4.9.0_08-2.2
  • xen-libs-32bit >= 4.9.0_08-2.2
 Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA xen
SUSE Linux Enterprise Module for Basesystem 15
  • xen-libs >= 4.10.1_04-1.4
  • xen-tools-domU >= 4.10.1_04-1.4
 Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA xen-libs
SUSE Linux Enterprise Module for Server Applications 15
  • xen >= 4.10.1_04-1.4
  • xen-devel >= 4.10.1_04-1.4
  • xen-tools >= 4.10.1_04-1.4
 Patchnames:
SUSE Linux Enterprise Module for Server Applications 15 GA xen
SUSE Linux Enterprise Server 12
  • xen >= 4.4.1_06-2.2
  • xen-doc-html >= 4.4.1_06-2.2
  • xen-kmp-default >= 4.4.1_06_k3.12.28_4-2.2
  • xen-libs >= 4.4.1_06-2.2
  • xen-libs-32bit >= 4.4.1_06-2.2
  • xen-tools >= 4.4.1_06-2.2
  • xen-tools-domU >= 4.4.1_06-2.2
 Patchnames:
SUSE Linux Enterprise Server 12 GA xen
SUSE Linux Enterprise Server 12 SP1
  • xen >= 4.5.1_12-2.3
  • xen-doc-html >= 4.5.1_12-2.3
  • xen-kmp-default >= 4.5.1_12_k3.12.49_11-2.3
  • xen-libs >= 4.5.1_12-2.3
  • xen-libs-32bit >= 4.5.1_12-2.3
  • xen-tools >= 4.5.1_12-2.3
  • xen-tools-domU >= 4.5.1_12-2.3
 Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA xen
SUSE Linux Enterprise Server 12 SP2
  • xen >= 4.7.0_12-23.4
  • xen-doc-html >= 4.7.0_12-23.4
  • xen-libs >= 4.7.0_12-23.4
  • xen-libs-32bit >= 4.7.0_12-23.4
  • xen-tools >= 4.7.0_12-23.4
  • xen-tools-domU >= 4.7.0_12-23.4
 Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA xen
SUSE Linux Enterprise Server 12 SP3
  • xen >= 4.9.0_08-2.2
  • xen-doc-html >= 4.9.0_08-2.2
  • xen-libs >= 4.9.0_08-2.2
  • xen-libs-32bit >= 4.9.0_08-2.2
  • xen-tools >= 4.9.0_08-2.2
  • xen-tools-domU >= 4.9.0_08-2.2
 Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA xen
SUSE Linux Enterprise Software Development Kit 12
  • xen-devel >= 4.4.1_06-2.2
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA xen-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • xen-devel >= 4.5.1_12-2.3
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA xen-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • xen-devel >= 4.7.0_12-23.4
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA xen-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • xen-devel >= 4.9.0_08-2.2
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA xen-devel
openSUSE Leap 15.0
  • xen-libs >= 4.10.0_20-lp150.1.2
 Patchnames:
openSUSE Leap 15.0 GA xen-libs
openSUSE Leap 42.1
  • xen >= 4.5.1_10-1.4
  • xen-doc-html >= 4.5.1_10-1.4
  • xen-kmp-default >= 4.5.1_10_k4.1.12_1-1.4
  • xen-libs >= 4.5.1_10-1.4
  • xen-tools >= 4.5.1_10-1.4
  • xen-tools-domU >= 4.5.1_10-1.4
 Patchnames:
openSUSE Leap 42.1 GA xen
openSUSE Leap 42.2
  • xen >= 4.7.0_12-1.6
  • xen-doc-html >= 4.7.0_12-1.6
  • xen-libs >= 4.7.0_12-1.6
  • xen-tools >= 4.7.0_12-1.6
  • xen-tools-domU >= 4.7.0_12-1.6
 Patchnames:
openSUSE Leap 42.2 GA xen
openSUSE Leap 42.3
  • xen >= 4.9.0_08-2.1
  • xen-doc-html >= 4.9.0_08-2.1
  • xen-libs >= 4.9.0_08-2.1
  • xen-tools >= 4.9.0_08-2.1
  • xen-tools-domU >= 4.9.0_08-2.1
 Patchnames:
openSUSE Leap 42.3 GA xen
openSUSE Tumbleweed
  • xen >= 4.7.0_12-1.3
  • xen-devel >= 4.7.0_12-1.3
  • xen-doc-html >= 4.7.0_12-1.3
  • xen-libs >= 4.7.0_12-1.3
  • xen-libs-32bit >= 4.7.0_12-1.3
  • xen-tools >= 4.7.0_12-1.3
  • xen-tools-domU >= 4.7.0_12-1.3
 Patchnames:
openSUSE Tumbleweed GA xen