// For flags

CVE-2014-1891

Gentoo Linux Security Advisory 201407-03

Severity Score

7.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.

Múltiples desbordamiento de enteros en las suboperaciones (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER y (4) FLASK_CONTEXT_TO_SID en la hiperllamada flask en Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x y anteriores, cuando XSM está habilitado, permiten a usuarios locales causar una denegación de servicio (fallo de procesador) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-1892, CVE-2014-1893 y CVE-2014-1894.

Multiple vulnerabilities have been found in Xen, the worst of which could lead to arbitrary code execution. Versions less than 4.3.2-r4 are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Adjacent
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-02-07 CVE Reserved
  • 2014-04-01 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 <= 4.3.0
Search vendor "Xen" for product "Xen" and version " <= 4.3.0"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.2.0
Search vendor "Xen" for product "Xen" and version "3.2.0"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.2.1
Search vendor "Xen" for product "Xen" and version "3.2.1"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.2.2
Search vendor "Xen" for product "Xen" and version "3.2.2"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.2.3
Search vendor "Xen" for product "Xen" and version "3.2.3"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.3.0
Search vendor "Xen" for product "Xen" and version "3.3.0"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.3.1
Search vendor "Xen" for product "Xen" and version "3.3.1"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.3.2
Search vendor "Xen" for product "Xen" and version "3.3.2"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.4.0
Search vendor "Xen" for product "Xen" and version "3.4.0"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.4.1
Search vendor "Xen" for product "Xen" and version "3.4.1"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.4.2
Search vendor "Xen" for product "Xen" and version "3.4.2"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.4.3
Search vendor "Xen" for product "Xen" and version "3.4.3"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 3.4.4
Search vendor "Xen" for product "Xen" and version "3.4.4"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.1.0
Search vendor "Xen" for product "Xen" and version "4.1.0"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.1.1
Search vendor "Xen" for product "Xen" and version "4.1.1"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.1.2
Search vendor "Xen" for product "Xen" and version "4.1.2"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.1.3
Search vendor "Xen" for product "Xen" and version "4.1.3"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.1.4
Search vendor "Xen" for product "Xen" and version "4.1.4"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.1.5
Search vendor "Xen" for product "Xen" and version "4.1.5"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.1.6.1
Search vendor "Xen" for product "Xen" and version "4.1.6.1"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.2.0
Search vendor "Xen" for product "Xen" and version "4.2.0"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.2.1
Search vendor "Xen" for product "Xen" and version "4.2.1"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.2.2
Search vendor "Xen" for product "Xen" and version "4.2.2"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.2.3
Search vendor "Xen" for product "Xen" and version "4.2.3"
-
Affected
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
 4.3.1
Search vendor "Xen" for product "Xen" and version "4.3.1"
-
Affected