Lucene search

PRIOn knowledge basePRION:CVE-2015-7971

HistoryOct 30, 2015 - 3:59 p.m.

Design/Logic Flaw

2015-10-3015:59:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

JSON

Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.

CPENameOperatorVersion
xeneq3.2.0
xeneq4.3.2
xeneq4.6.0
xeneq4.1.5
xeneq3.2.1
xeneq4.2.2
xeneq4.2.3
xeneq3.4.0
xeneq4.3.0
xeneq4.0.4

Name	Operator	Version
xen	eq	3.2.0
xen	eq	4.3.2
xen	eq	4.6.0
xen	eq	4.1.5
xen	eq	3.2.1
xen	eq	4.2.2
xen	eq	4.2.3
xen	eq	3.4.0
xen	eq	4.3.0
xen	eq	4.0.4

Rows per page:

1-10 of 371

References

lists.opensuse.org/opensuse-updates/2015-11/msg00063.html

support.citrix.com/article/CTX202404

www.debian.org/security/2015/dsa-3414

www.securityfocus.com/bid/77363

www.securitytracker.com/id/1034035

xenbits.xen.org/xsa/advisory-152.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html

security.gentoo.org/glsa/201604-03