CVE-2015-7969

Name of the Vulnerable Software and Affected Versions Xen versions 4.0 through 4.6.x

Description The issue allows local guest administrators or domains with certain permissions to cause a denial of service due to memory consumption. This can be achieved through a large number of domain "teardowns" with the vcpu pointer array allocated, utilizing specific hypercalls. The affected hypercalls include (1) XEN DOMCTL max vcpus, (2) XENOPROF get buffer, and (3) XENOPROF set passive.

Recommendations For Xen versions 4.0 through 4.6.x, consider restricting the use of the XEN DOMCTL max vcpus, XENOPROF get buffer, and XENOPROF set passive hypercalls to minimize the risk of exploitation. As a temporary workaround, limit the number of domain "teardowns" to reduce the impact of memory consumption. Avoid using the vcpu pointer array allocated through these hypercalls until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.