CVE-2014-9030
Description
Xen fails to release a page reference in the MMU_MACHPHYS_UPDATE handler, allowing an HVM-controlling domain to cause a host-wide denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Xen fails to release a page reference in the MMU_MACHPHYS_UPDATE handler, allowing an HVM-controlling domain to cause a host-wide denial of service.
Vulnerability
The do_mmu_update function in arch/x86/mm.c in Xen versions 3.2.x through 4.4.x contains a page reference leak in the error handling path of the MMU_MACHPHYS_UPDATE operation. When an error occurs during processing, a previously acquired page reference is not released, leading to resource exhaustion. The vulnerability is present on x86 systems; ARM is not affected [1].
Exploitation
An attacker must control a domain that provides hardware emulation or service domains (stub domains) for an HVM guest. No special privileges beyond control over such a domain are required. The attacker triggers the flawed code path by issuing a crafted MMU_MACHPHYS_UPDATE hypercall from the controlling domain [1].
Impact
Successful exploitation causes a denial of service by exhausting page references, affecting the entire host system. The attacker does not gain code execution or data disclosure, but the crash or hang can impact all running domains [1].
Mitigation
Xen released patches for XSA-113; users should update to fixed versions (e.g., Xen 4.4.2-r1 or 4.2.5-r8 for Gentoo) [1][2]. Running only PV guests avoids the issue entirely, as HVM control domains are the attack vector [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
36- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*+ 32 more
- cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*
- (no CPE)range: 3.2.x - 4.4.x
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- xenbits.xen.org/xsa/advisory-113.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.htmlnvdThird Party Advisory
- secunia.com/advisories/62672nvdPermissions RequiredThird Party Advisory
- www.debian.org/security/2015/dsa-3140nvdThird Party Advisory
- www.securityfocus.com/bid/71207nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/98853nvd
- security.gentoo.org/glsa/201504-04nvd
News mentions
0No linked articles in our index yet.