CVE-2014-3717

CVE-2014-3717

EPSS 0.4%

Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://www.openwall.com/lists/oss-security/2014/05/14/4 http://www.openwall.com/lists/oss-security/2014/05/15/6 http://www.openwall.com/lists/oss-security/2014/05/16/1 http://www.securitytracker.com/id/1030252 http://xenbits.xen.org/xsa/advisory-95.html