4.9 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
26.7%
The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x,
4.3.x, and 4.4-RC series allows local guests to cause a denial of service
or possibly gain privileges via crafted xenstore ring indexes, which
triggers a “read or write past the end of the ring.”
Author | Note |
---|---|
mdeslaur | This is XSA-86 libvchan not packaged in Ubuntu. 4.2+ only |