Lucene search
Ubuntu.comUB:CVE-2015-6654HistorySep 03, 2015 - 12:00 a.m.
CVE-2015-6654
2015-09-0300:00:00
ubuntu.com
ubuntu.com
7
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
19.8%
The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x,
4.4.x, and earlier does not limit the number of printk console messages
when reporting a failure to retrieve a reference on a foreign page, which
allows remote domains to cause a denial of service by leveraging
permissions to map the memory of a foreign guest.
Notes
| Author | Note |
|---|---|
| mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
| seth-arnold | Mitigation: “Reducing the hypervisor log level can be used to suppress messages” |
Related
prion
prion
Denial of service
2015-09-03 14:59:00
cve
cve
CVE-2015-6654
2015-09-03 14:59:00
xen
xen
printk is not rate-limited in xenmem_add_to_physmap_one
2015-09-01 12:00:00
debiancve
debiancve
CVE-2015-6654
2015-09-03 14:59:00
nessus
nessus
Debian DSA-3414-1 : xen - security update
2015-12-10 00:00:00
debian
debian
[SECURITY] [DSA 3414-1] xen security update
2015-12-09 20:43:34
openvas
openvas
Debian: Security Advisory (DSA-3414-1)
2015-12-08 00:00:00
Debian Security Advisory DSA 3414-1 (xen - security update)
2015-12-09 00:00:00
Mageia: Security Advisory (MGASA-2016-0098)
2016-03-08 00:00:00
mageia
mageia
Updated xen packages fix security vulnerabilities
2016-03-07 14:20:30
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
19.8%
Related for UB:CVE-2015-6654