Lucene search

PRIOn knowledge basePRION:CVE-2015-2752

HistoryApr 01, 2015 - 2:59 p.m.

Cross site request forgery (csrf)

2015-04-0114:59:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

27.9%

JSON

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).

CPENameOperatorVersion
fedoraeq20
fedoraeq21
xeneq4.3.2
xeneq4.3.0
xeneq4.4.1
xeneq4.3.1
xeneq4.5.0
xeneq4.4.0

Name	Operator	Version
fedora	eq	20
fedora	eq	21
xen	eq	4.3.2
xen	eq	4.3.0
xen	eq	4.4.1
xen	eq	4.3.1
xen	eq	4.5.0
xen	eq	4.4.0

References

lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html

www.securityfocus.com/bid/73448

www.securitytracker.com/id/1031994

xenbits.xen.org/xsa/advisory-125.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/154574.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/154579.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/155198.html

security.gentoo.org/glsa/201504-04

6.4 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

27.9%

JSON

Related for PRION:CVE-2015-2752