CVE-2014-3967 | Vulnerability Database | Aqua Security

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Xen	Xen	4.2.0 (including)	4.2.0 (including)
Xen	Xen	4.2.1 (including)	4.2.1 (including)
Xen	Xen	4.2.2 (including)	4.2.2 (including)
Xen	Xen	4.2.3 (including)	4.2.3 (including)
Xen	Ubuntu	devel	*
Xen	Ubuntu	saucy	*
Xen	Ubuntu	trusty	*
Xen-3.3	Ubuntu	upstream	*

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
http://www.openwall.com/lists/oss-security/2014/06/04/13
http://www.securityfocus.com/bid/67794
http://www.securitytracker.com/id/1030322
http://xenbits.xen.org/xsa/advisory-96.html
https://security.gentoo.org/glsa/201504-04
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
http://www.openwall.com/lists/oss-security/2014/06/04/13
http://www.securityfocus.com/bid/67794
http://www.securitytracker.com/id/1030322
http://xenbits.xen.org/xsa/advisory-96.html
https://security.gentoo.org/glsa/201504-04

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3967
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html