CVE-2014-9030 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Opensuse	Opensuse
Xen	Xen

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
http://secunia.com/advisories/62672
http://www.debian.org/security/2015/dsa-3140
http://www.securityfocus.com/bid/71207
http://xenbits.xen.org/xsa/advisory-113.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/98853
https://nvd.nist.gov/vuln/detail/CVE-2014-9030
https://security.gentoo.org/glsa/201504-04
https://www.cve.org/CVERecord?id=CVE-2014-9030

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-20T00:00:00", "descriptions": [{"lang": "en", "value": "The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-113.html"}, {"name": "GLSA-201504-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201504-04"}, {"name": "62672", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62672"}, {"name": "xen-mmumachphysupdate-dos(98853)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98853"}, {"name": "DSA-3140", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3140"}, {"name": "71207", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71207"}, {"name": "openSUSE-SU-2015:0226", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"}, {"name": "openSUSE-SU-2015:0256", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9030", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://xenbits.xen.org/xsa/advisory-113.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-113.html"}, {"name": "GLSA-201504-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-04"}, {"name": "62672", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62672"}, {"name": "xen-mmumachphysupdate-dos(98853)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98853"}, {"name": "DSA-3140", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3140"}, {"name": "71207", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71207"}, {"name": "openSUSE-SU-2015:0226", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"}, {"name": "openSUSE-SU-2015:0256", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:33:13.540Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-113.html"}, {"name": "GLSA-201504-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201504-04"}, {"name": "62672", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62672"}, {"name": "xen-mmumachphysupdate-dos(98853)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98853"}, {"name": "DSA-3140", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3140"}, {"name": "71207", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71207"}, {"name": "openSUSE-SU-2015:0226", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"}, {"name": "openSUSE-SU-2015:0256", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9030", "datePublished": "2014-11-24T15:00:00", "dateReserved": "2014-11-20T00:00:00", "dateUpdated": "2024-08-06T13:33:13.540Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-11-20T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-09-07T15:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://xenbits.xen.org/xsa/advisory-113.html (string)

}

1 : { »

name : GLSA-201504-04 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201504-04 (string)

}

2 : { »

name : 62672 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/62672 (string)

}

3 : { »

name : xen-mmumachphysupdate-dos(98853) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/98853 (string)

}

4 : { »

name : DSA-3140 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3140 (string)

}

5 : { »

name : 71207 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/71207 (string)

}

6 : { »

name : openSUSE-SU-2015:0226 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html (string)

}

7 : { »

name : openSUSE-SU-2015:0256 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2014-9030 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://xenbits.xen.org/xsa/advisory-113.html (string)

refsource : CONFIRM (string)

url : http://xenbits.xen.org/xsa/advisory-113.html (string)

}

1 : { »

name : GLSA-201504-04 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201504-04 (string)

}

2 : { »

name : 62672 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/62672 (string)

}

3 : { »

name : xen-mmumachphysupdate-dos(98853) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/98853 (string)

}

4 : { »

name : DSA-3140 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3140 (string)

}

5 : { »

name : 71207 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/71207 (string)

}

6 : { »

name : openSUSE-SU-2015:0226 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html (string)

}

7 : { »

name : openSUSE-SU-2015:0256 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T13:33:13.540Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://xenbits.xen.org/xsa/advisory-113.html (string)

}

1 : { »

name : GLSA-201504-04 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201504-04 (string)

}

2 : { »

name : 62672 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/62672 (string)

}

3 : { »

name : xen-mmumachphysupdate-dos(98853) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/98853 (string)

}

4 : { »

name : DSA-3140 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3140 (string)

}

5 : { »

name : 71207 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/71207 (string)

}

6 : { »

name : openSUSE-SU-2015:0226 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html (string)

}

7 : { »

name : openSUSE-SU-2015:0256 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2014-9030 (string)

datePublished : 2014-11-24T15:00:00 (string)

dateReserved : 2014-11-20T00:00:00 (string)

dateUpdated : 2024-08-06T13:33:13.540Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B81B6EEB-D01E-432D-AEBF-707409741C0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A4B60DE-A8C0-459E-A99C-6EF0D3264B75", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A83F4F7E-53CF-4066-857B-2154D25979D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "048E790E-B0A1-4504-9299-0B6D9CB0C509", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB157D09-B91B-486A-A9F7-C9BA75AE8823", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA95119D-EAF1-48D4-AE7C-0C4927D06CDF", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5D40E4E4-3FCB-4980-8DD2-49DDABCB398E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F7D1B7E-C30F-430F-832D-2A405DA1F2D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7C1D0AD-B804-474C-96A3-988BADA0DAD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1DCD1F05-9F96-40DD-B506-750E87306325", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "25B6AE42-E1EB-47A8-8FAF-7A93A67EC67F", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "60BADA43-94D5-4E80-B5C8-D01A0249F13E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "550223A9-B9F1-440A-8C25-9F0F76AF7301", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC734D58-96E5-4DD2-8781-F8E0ADB96462", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "62CEC1BF-1922-410D-BCBA-C58199F574C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "923F2C2B-4A65-4823-B511-D0FEB7C7FAB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D532B60-C8DD-4A2F-9D05-E574D23EB754", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D83CA8B-8E49-45FA-8FAB-C15052474542", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "27537DF5-7E0F-463F-BA87-46E329EE07AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EA4F978-9145-4FE6-B4F9-15207E52C40A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "22A995FD-9B7F-4DF0-BECF-4B086E470F1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "219597E2-E2D7-4647-8A7C-688B96300158", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "65E55950-EACA-4209-B2A1-E09026FC6006", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBD9AD01-50B7-4951-8A73-A6CF4801A487", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE."}, {"lang": "es", "value": "La funci\u00f3n do_mmu_update en arch/x86/mm.c en Xen 3.2.x hasta 4.4.x no maneja debidamente las referencias de p\u00e1ginas, lo que permite a dominios remotos causar una denegaci\u00f3n de servicio mediante el aprovechamiento del control sobre un invitado HVM y un MMU_MACHPHYS_UPDATE manipulado."}], "id": "CVE-2014-9030", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-24T15:59:19.047", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/62672"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3140"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/71207"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-113.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98853"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201504-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/62672"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3140"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/71207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-113.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98853"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201504-04"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B81B6EEB-D01E-432D-AEBF-707409741C0A (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 2A4B60DE-A8C0-459E-A99C-6EF0D3264B75 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : A83F4F7E-53CF-4066-857B-2154D25979D8 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 048E790E-B0A1-4504-9299-0B6D9CB0C509 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EB157D09-B91B-486A-A9F7-C9BA75AE8823 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : FA95119D-EAF1-48D4-AE7C-0C4927D06CDF (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 5D40E4E4-3FCB-4980-8DD2-49DDABCB398E (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F7D1B7E-C30F-430F-832D-2A405DA1F2D9 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : B7C1D0AD-B804-474C-96A3-988BADA0DAD2 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 1DCD1F05-9F96-40DD-B506-750E87306325 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 25B6AE42-E1EB-47A8-8FAF-7A93A67EC67F (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 60BADA43-94D5-4E80-B5C8-D01A0249F13E (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 550223A9-B9F1-440A-8C25-9F0F76AF7301 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : FC734D58-96E5-4DD2-8781-F8E0ADB96462 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 62CEC1BF-1922-410D-BCBA-C58199F574C7 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 923F2C2B-4A65-4823-B511-D0FEB7C7FAB2 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 0D532B60-C8DD-4A2F-9D05-E574D23EB754 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 5D83CA8B-8E49-45FA-8FAB-C15052474542 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 27537DF5-7E0F-463F-BA87-46E329EE07AC (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 3EA4F978-9145-4FE6-B4F9-15207E52C40A (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 22A995FD-9B7F-4DF0-BECF-4B086E470F1E (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 219597E2-E2D7-4647-8A7C-688B96300158 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 65E55950-EACA-4209-B2A1-E09026FC6006 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 47640819-FC43-49ED-8A77-728C3D7255B3 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 2448537F-87AD-45C1-9FB0-7A49CA31BD76 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : E36B2265-70E1-413B-A7CF-79D39E9ADCFB (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : BF948E6A-07BE-4C7D-8A98-002E89D35F4D (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C0E23B94-1726-4F63-84BB-8D83FAB156D7 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1044792C-D544-457C-9391-4F3B5BAB978D (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : FBD9AD01-50B7-4951-8A73-A6CF4801A487 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 16F59A04-14CF-49E2-9973-645477EA09DA (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A10BC294-9196-425F-9FB0-B1625465B47F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 03117DF1-3BEC-4B8D-AD63-DBBDB2126081 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. (string)

}

1 : { »

lang : es (string)

value : La función do_mmu_update en arch/x86/mm.c en Xen 3.2.x hasta 4.4.x no maneja debidamente las referencias de páginas, lo que permite a dominios remotos causar una denegación de servicio mediante el aprovechamiento del control sobre un invitado HVM y un MMU_MACHPHYS_UPDATE manipulado. (string)

}

]

id : CVE-2014-9030 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 7.1 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:N/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-11-24T15:59:19.047 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Permissions Required (string)

1 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/62672 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3140 (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/71207 (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://xenbits.xen.org/xsa/advisory-113.html (string)

}

6 : { »

source : cve@mitre.org (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/98853 (string)

}

7 : { »

source : cve@mitre.org (string)

url : https://security.gentoo.org/glsa/201504-04 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Permissions Required (string)

1 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/62672 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3140 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/71207 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://xenbits.xen.org/xsa/advisory-113.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/98853 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201504-04 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank Xen project for reporting this issue.", "bugzilla": {"description": "kernel: xen: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling", "id": "1166913", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166913"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:N/I:N/A:C", "status": "draft"}, "cwe": "CWE-772", "details": ["The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE."], "name": "CVE-2014-9030", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "kernel-xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2014-11-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-9030\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9030\nhttp://xenbits.xen.org/xsa/advisory-113.html"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}

{

acknowledgement : Red Hat would like to thank Xen project for reporting this issue. (string)

bugzilla : { »

description : kernel: xen: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (string)

id : 1166913 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1166913 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 4.3 (string)

cvss_scoring_vector : AV:A/AC:H/Au:S/C:N/I:N/A:C (string)

status : draft (string)

}

cwe : CWE-772 (string)

details : [ »

0 : The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. (string)

]

name : CVE-2014-9030 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Affected (string)

package_name : kernel-xen (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

]

public_date : 2014-11-20T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2014-9030 https://nvd.nist.gov/vuln/detail/CVE-2014-9030 http://xenbits.xen.org/xsa/advisory-113.html (string)

]

statement : Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. (string)

threat_severity : Low (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object