CVE-2015-8338

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
xenxen
𝑥
≤ 4.6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
wheezy
not-affected
squeeze
not-affected
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
wily
Fixed 4.5.1-0ubuntu1.2
released
vivid
Fixed 4.5.0-1ubuntu4.4
released
trusty
Fixed 4.4.2-0ubuntu0.14.04.4
released
precise
not-affected
Common Weakness Enumeration
References
http://www.debian.org/security/2016/dsa-3633
http://www.securityfocus.com/bid/78920
http://www.securitytracker.com/id/1034390
http://xenbits.xen.org/xsa/advisory-158.html
http://www.debian.org/security/2016/dsa-3633
http://www.securityfocus.com/bid/78920
http://www.securitytracker.com/id/1034390
http://xenbits.xen.org/xsa/advisory-158.html