Veracode Vulnerability DatabaseVERACODE:28869Denial Of Service (DoS)
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
xen is vulnerable to denial of service (DoS). The vulnerability exists in oxenstored, where a owner could give a node away, causing guest can run out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory.
References
lists.fedoraproject.org/archives/list/[email protected]/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/
lists.fedoraproject.org/archives/list/[email protected]/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/
secdb.alpinelinux.org/v3.12/main.yaml
security.gentoo.org/glsa/202107-30
www.debian.org/security/2020/dsa-4812
xenbits.xenproject.org/xsa/advisory-352.html
Related
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C