PT-2015-1386 · Xen+2

Jan Beulich · Published 2015-06-03 · Updated 2024-06-15 · CVE-2015-4105

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Xen versions 3.3.x through 4.5.x

Description

The issue is related to resource management errors in the Xen hypervisor. It can be exploited by a local attacker to cause a denial of service by performing certain invalid operations, which can lead to host disk consumption due to logging of error messages.

Recommendations

For Xen versions 3.3.x through 4.5.x, consider disabling the logging of PCI MSI-X pass-through error messages as a temporary workaround to minimize the risk of exploitation. Restrict access to the logging subsystem to prevent local x86 HVM guests from causing a denial of service.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-10479
CVE-2015-4105
DSA-3284-1
DSA-3286-1
MGASA-2015-0310
MGASA-2016-0098
OPENSUSE-SU-2015_1092-1
OPENSUSE-SU-2015_1094-1
OPENSUSE-SU-2024:10196-1
SUSE-SU-2015:1042-1
SUSE-SU-2015:1045-1
SUSE-SU-2015:1156-1
SUSE-SU-2015:1157-1
USN-2630-1

Affected Products

Suse
Ubuntu
Xen