5.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:N/I:N/A:C
0.006 Low
EPSS
Percentile
78.5%
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does
not properly restrict updates to only PV page tables, which allows remote
PV guests to cause a denial of service (NULL pointer dereference) by
leveraging hardware emulation services for HVM guests using Hardware
Assisted Paging (HAP).
Author | Note |
---|---|
mdeslaur | 4.0+ |