CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
26.7%
The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2)
libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through
4.6.x do not properly calculate the balloon size when using the
populate-on-demand (PoD) system, which allows local HVM guest users to
cause a denial of service (guest crash) via unspecified vectors related to
“heavy memory pressure.”