8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
41.7%
x86 PV guests are permitted to set up certain forms of what is often called “linear page tables”, where pagetables contain references to other pagetables at the same level or higher. Certain restrictions apply in order to fit into Xen’s page type handling system. An important restriction was missed, however: Stacking multiple layers of page tables of the same level on top of one another is not very useful, and the tearing down of such an arrangement involves recursion. With sufficiently many layers such recursion will result in a stack overflow, commonly resulting in Xen to crash.
A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded.
All Xen versions from at least 3.2 onwards are vulnerable. Earlier versions have not been checked.
Only x86 systems are affected. ARM systems are not affected.
Only x86 PV guests can leverage the vulnerability. x86 HVM guests cannot leverage the vulnerability.
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
41.7%