Lucene search

[email protected]CVE-2015-7813

HistoryOct 30, 2015 - 3:59 p.m.

CVE-2015-7813

2015-10-3015:59:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2015-7813

xen

denial of service

hypervisor_physdev_op

hypervisor_hvm_op

nvd

unimplemented hypercalls

8.2 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

26.0%

JSON

Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c.

CPENameOperatorVersion
xen:xenxeneq4.6.0
xen:xenxeneq4.4.0
xen:xenxeneq4.4.1
xen:xenxeneq4.5.1
xen:xenxeneq4.5.0

CPE	Name	Operator	Version
xen:xen	xen	eq	4.6.0
xen:xen	xen	eq	4.4.0
xen:xen	xen	eq	4.4.1
xen:xen	xen	eq	4.5.1
xen:xen	xen	eq	4.5.0

References

lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html

www.debian.org/security/2015/dsa-3414

www.securitytracker.com/id/1034029

xenbits.xen.org/xsa/advisory-146.html

security.gentoo.org/glsa/201604-03

8.2 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for CVE-2015-7813

prion1 ubuntucve1 debiancve1 xen1 nessus7 openvas6 fedora3 debian1 mageia1 gentoo1