Red Hat Bugzilla – Bug 1062329
CVE-2014-1895 xen: Off-by-one error in FLASK_AVC_CACHESTAT hypercall (xsa-85)
Last modified: 2016-03-04 06:22:44 EST
The FLASK_AVC_CACHESTAT hypercall, which provides access to per-cpu statistics on the Flask security policy, incorrectly validates the CPU for which statistics are being requested.
An attacker can cause the hypervisor to read past the end of an array. This may result in either a host crash, leading to a denial of service, or access to a small and static region of hypervisor memory, leading to an information leak.
Red Hat would like to thank the Xen project for reporting this issue.
This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5.
This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 as we did not have support for Xen hypervisor.
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1062335]
This was assigned CVE-2014-1895: http://seclists.org/oss-sec/2014/q1/283