Metric | Value |
---|---|
CVSS2 score | 7.1 High |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
EPSS score | 0.013 Low |
EPSS percentile | 85.4% |

The Xen Project reports:
XSA-77 put the majority of the domctl operations on a list
excepting them from having security advisories issued for them if
any effects their use might have could hamper security. Subsequently
some of them got declared disaggregation safe, but for a small
subset this was not really correct: Their (mis-)use may result in
host lockups.

As a result, the potential security benefits of toolstack
disaggregation are not always fully realised.

Domains deliberately given partial management control may be able
to deny service to the entire host.

As a result, in a system designed to enhance security by radically
disaggregating the management, the security may be reduced. But,
the security will be no worse than a non-disaggregated design.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | xen-kernel | = 4.3 | UNKNOWN |
FreeBSD | any | noarch | xen-kernel | < 4.5.0_3 | UNKNOWN |