VYPR
Unrated severityNVD Advisory· Published Jan 26, 2014· Updated Jun 17, 2026

CVE-2014-1666

CVE-2014-1666

Description

The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Xen/Xen7 versions
    cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
    • (no CPE)range: 4.1.5, 4.1.6.1, 4.2.2-4.2.3, 4.3.x

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.