CVE-2015-4103

Name of the Vulnerable Software and Affected Versions Xen versions 3.3.x through 4.5.x

Description The issue is related to inadequate access control for certain functions in the Xen hypervisor. Exploitation of this issue can allow a local attacker to cause a denial of service in the host operating system. Specifically, the problem lies in the lack of proper restriction on write access to the host MSI message data field, which can be exploited by local x86 HVM guest administrators to cause confusion in host interrupt handling. This can be achieved through vectors related to qemu and accessing spanning multiple fields.

Recommendations For Xen versions 3.3.x through 4.5.x, consider restricting access to the qemu module to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability of local x86 HVM guest administrators to access and modify the host MSI message data field.