Debian Security Bug TrackerDEBIANCVE:CVE-2015-7972CVE-2015-7972
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
26.9%
The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to “heavy memory pressure.”
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | xen | < 4.6.0-1 | xen_4.6.0-1_all.deb |
| Debian | 11 | all | xen | < 4.6.0-1 | xen_4.6.0-1_all.deb |
| Debian | 10 | all | xen | < 4.6.0-1 | xen_4.6.0-1_all.deb |
| Debian | 999 | all | xen | < 4.6.0-1 | xen_4.6.0-1_all.deb |
| Debian | 13 | all | xen | < 4.6.0-1 | xen_4.6.0-1_all.deb |
Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
26.9%