PT-2015-7307 · Xen · Xen

Julien Grall · Published 2015-09-03 · Updated 2016-12-07 · CVE-2015-6654

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Xen versions 4.5.x, 4.4.x, and earlier

Description

The issue is in the xenmem_add_to_physmap_one function in arch/arm/mm.c, which does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page. This allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest.

Recommendations

For Xen versions 4.5.x, 4.4.x, and earlier, consider restricting permissions to map the memory of a foreign guest to minimize the risk of exploitation. As a temporary workaround, consider limiting the number of printk console messages to prevent a denial of service.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2015-6654
DSA-3414-1
MGASA-2016-0098

Affected Products

Xen