CVE-2015-8338

EUVD-2015-8222
Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
xenxen
𝑥
≤ 4.6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
squeeze
not-affected
trixie
4.17.3+36-g54dacb5c02-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
precise
not-affected
trusty
Fixed 4.4.2-0ubuntu0.14.04.4
released
vivid
Fixed 4.5.0-1ubuntu4.4
released
wily
Fixed 4.5.1-0ubuntu1.2
released
Common Weakness Enumeration
References
http://www.debian.org/security/2016/dsa-3633
http://www.securityfocus.com/bid/78920
http://www.securitytracker.com/id/1034390
http://xenbits.xen.org/xsa/advisory-158.html
http://www.debian.org/security/2016/dsa-3633
http://www.securityfocus.com/bid/78920
http://www.securitytracker.com/id/1034390
http://xenbits.xen.org/xsa/advisory-158.html