Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-7972
HistoryOct 30, 2015 - 12:00 a.m.

CVE-2015-7972

2015-10-3000:00:00
ubuntu.com
ubuntu.com
15
cve-2015-7972
xen
denial of service
libxl_set_memory_target
libxl__build_post
hvm guest

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.001

Percentile

26.7%

The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2)
libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through
4.6.x do not properly calculate the balloon size when using the
populate-on-demand (PoD) system, which allows local HVM guest users to
cause a denial of service (guest crash) via unspecified vectors related to
“heavy memory pressure.”

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchxen< 4.1.6.1-0ubuntu0.12.04.7UNKNOWN
ubuntu14.04noarchxen< 4.4.2-0ubuntu0.14.04.3UNKNOWN
ubuntu15.04noarchxen< 4.5.0-1ubuntu4.3UNKNOWN
ubuntu15.10noarchxen< 4.5.1-0ubuntu1.1UNKNOWN

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.001

Percentile

26.7%