CVE-2015-7972

Name of the Vulnerable Software and Affected Versions Xen versions 3.4.x through 4.6.x

Description The issue arises from the incorrect calculation of the balloon size by the (1) libxl set memory target function in tools/libxl/libxl.c and (2) libxl build post function in tools/libxl/libxl dom.c when using the populate-on-demand (PoD) system. This allows local HVM guest users to cause a denial of service, resulting in a guest crash, via unspecified vectors related to "heavy memory pressure."

Recommendations For Xen versions 3.4.x through 4.6.x, consider disabling the populate-on-demand (PoD) system as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.