4.9 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
26.7%
The Xen Project reports:
With the introduction of version 2 grant table operations, a
version check became necessary for most grant table related
hypercalls. The GNTTABOP_swap_grant_ref call was lacking such a
check. As a result, the subsequent code behaved as if version 2 was
in use, when a guest issued this hypercall without a prior
GNTTABOP_setup_table or GNTTABOP_set_version.
The effect is a possible NULL pointer dereferences. However, this
cannot be exploited to elevate privileges of the attacking domain,
as the maximum memory address that can be wrongly accessed this way
is bounded to far below the start of hypervisor memory.
Malicious or buggy guest domain kernels can mount a denial of
service attack which, if successful, can affect the whole system.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | xen-kernel | = 4.2 | UNKNOWN |
FreeBSD | any | noarch | xen-kernel | < 4.5.0_3 | UNKNOWN |