CVE-2014-7188

Description

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.

How to fix CVE-2014-7188

To remediate CVE-2014-7188, upgrade the affected package to a fixed version below.

• Debian/xen—upgrade to 4.4.1-3 or later

Is CVE-2014-7188 being exploited?

Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.4.1-3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-7188