CVSS2: 1.9 Low (AV:L/AC:M/Au:N/C:N/I:N/A:P)
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
EPSS: 0.0004 Low (Percentile: 5.1%)
The libxlu library function xlu_vif_parse_rate does not properly handle inputs which consist solely of the ‘@’ character, leading to a NULL pointer dereference.
A toolstack which allows untrusted users to specify an arbitrary configuration for the VIF rate can be subjected to a denial of service (DoS).
The only known user of this library is the xl toolstack, which does not have a central long-running daemon. The impact is therefore limited to crashing the process which is creating the domain, and that process exists only to service a single domain.
The vulnerable code is present from Xen 4.2 onwards.
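The failure mode described above, as an added sketch that is not the libxlu source: it assumes the rate spec has the form RATE[@INTERVAL] and is split with strtok(), and the function names are hypothetical. It shows that an input of only '@' yields no first token, and a split that returns EINVAL instead of passing the NULL on.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed spec format for this sketch: "RATE[@INTERVAL]", e.g. "10Mb/s@50ms". */
static char *copy_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

/* 1 if strtok() finds no token (the NULL an unchecked parser would use). */
int first_token_missing(const char *spec)
{
    char *tmp = copy_str(spec);
    int missing = tmp ? (strtok(tmp, "@") == NULL) : -1;
    free(tmp);
    return missing;
}

/* Hardened split into caller buffers. Returns 0, EINVAL or ENOMEM. */
int split_rate_spec(const char *spec, char *rate, size_t rsz,
                    char *interval, size_t isz)
{
    int rc = EINVAL;
    char *tmp, *p;
    if (!spec || !rate || !interval || !rsz || !isz) return EINVAL;
    rate[0] = interval[0] = '\0';
    if (!(tmp = copy_str(spec))) return ENOMEM;
    p = strtok(tmp, "@");
    /* NULL for "", "@", "@@". strtok also skips a leading '@', so reject
     * "@50ms" instead of reading the interval as the rate. */
    if (!p || spec[0] == '@' || strlen(p) >= rsz) goto out;
    strcpy(rate, p);
    p = strtok(NULL, "@");            /* interval part is optional */
    if (p && (strlen(p) >= isz || strtok(NULL, "@"))) goto out;
    if (p) strcpy(interval, p);
    rc = 0;
out:
    free(tmp);
    return rc;
}

int main(void)
{
    char r[32], i[32];
    return split_rate_spec("@", r, sizeof r, i, sizeof i) == EINVAL ? 0 : 1;
}
```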