4.4 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
27.9%
Wrong ordering of operations upon extending the per-domain event channel tracking table can cause a pointer to freed memory to be left in place, when the hypervisor is under memory pressure and XSM (Xen Security Module) is enabled.
Malicious guest kernels could inject arbitrary events or corrupt other hypervisor state, possibly leading to code execution.
All Xen versions from 3.2 onwards are vulnerable when making use of XSM. Configurations without XSM or with a dummy module are not affected.