CVE-2015-2752

Name of the Vulnerable Software and Affected Versions Xen versions 3.2.x through 4.5.x

Description The issue concerns the XEN DOMCTL memory mapping hypercall in Xen, which is not preemptible when using a PCI passthrough device. This could allow local users of the x86 HVM domain to cause a denial of service, specifically host CPU consumption, by making a crafted request to the device model (qemu-dm).

Recommendations For Xen versions 3.2.x through 4.5.x, consider disabling the PCI passthrough device as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.