CVE-2015-4164

The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
xenxen
3.1.3
xenxen
3.1.4
xenxen
3.2.0
xenxen
3.2.1
xenxen
3.2.2
xenxen
3.2.3
xenxen
3.3.0
xenxen
3.3.1
xenxen
3.3.2
xenxen
3.4.0
xenxen
3.4.1
xenxen
3.4.2
xenxen
3.4.3
xenxen
3.4.4
xenxen
4.0.0
xenxen
4.0.1
xenxen
4.0.2
xenxen
4.0.3
xenxen
4.0.4
xenxen
4.1.0
xenxen
4.1.1
xenxen
4.1.2
xenxen
4.1.3
xenxen
4.1.4
xenxen
4.1.5
xenxen
4.1.6.1
xenxen
4.2.0
xenxen
4.2.1
xenxen
4.2.2
xenxen
4.2.3
xenxen
4.3.0
xenxen
4.3.1
xenxen
4.3.4
xenxen
4.4.0
xenxen
4.4.0:rc1
xenxen
4.4.1
xenxen
4.5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
wily
not-affected
vivid
Fixed 4.5.0-1ubuntu4.2
released
utopic
ignored
trusty
Fixed 4.4.2-0ubuntu0.14.04.2
released
precise
Fixed 4.1.6.1-0ubuntu0.12.04.6
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
http://support.citrix.com/article/CTX201145
http://www.debian.org/security/2015/dsa-3286
http://www.securityfocus.com/bid/75149
http://www.securitytracker.com/id/1032569
http://xenbits.xen.org/xsa/advisory-136.html
https://security.gentoo.org/glsa/201604-03
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
http://support.citrix.com/article/CTX201145
http://www.debian.org/security/2015/dsa-3286
http://www.securityfocus.com/bid/75149
http://www.securitytracker.com/id/1032569
http://xenbits.xen.org/xsa/advisory-136.html
https://security.gentoo.org/glsa/201604-03