CVE-2015-7813

Name of the Vulnerable Software and Affected Versions Xen versions 4.4.x through 4.6.x

Description The issue allows local guests to cause a denial of service by reporting unimplemented hypercalls without limiting the number of printk console messages. This can be achieved through a sequence of HYPERVISOR physdev op hypercalls, which are not properly handled in the do physdev op function in arch/arm/physdev.c, or HYPERVISOR hvm op hypercalls, which are not properly handled in the do hvm op function in arch/arm/hvm.c.

Recommendations For Xen versions 4.4.x through 4.6.x, consider restricting the use of the do physdev op and do hvm op functions until a patch is available. As a temporary workaround, limiting the number of printk console messages for unimplemented hypercalls may help mitigate the risk of denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.