NULL pointer dereference vulnerability in Xen HVMOP_inject_msi function

NULL pointer dereference vulnerability in Xen HVMOP_inject_msi function

CVE-2014-3967 · MEDIUM Severity

AV:A/AC:L/AU:S/C:N/I:N/A:C

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.