CVE-2014-2580

Advisory lineage Upstream: 0 Downstream: 3

Downstream

DEBIAN-CVE-2014-2580 UBUNTU-CVE-2014-2580 USN-2226-1

Modified

Published: 15 Apr 2014, 17:00

Last modified:06 Aug 2024, 10:21

Vulnerability Summary

Overall Risk (default)

low

18/100

CVSS Score

4.4 MEDIUM

v2.0 (nvd)

EPSS Score

0.07% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

15 Apr 2014, 17:00

Published

Vulnerability first disclosed

06 Aug 2024, 10:21

Last Modified

Vulnerability information updated

Description

The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable the interface.

CVSS Metrics

v2.0•MEDIUM•Score: 4.4AV:L/AC:M/Au:S/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.07%• Percentile: 22%

Techniques & Countermeasures

CWE-399•Resource Management Errors
Weaknesses in this category are related to improper management of system resources.

Affected Systems

xen•xen
na