CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

AV:N/AC:M/Au:S/C:N/I:N/A:C

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Metric | Value |
---|---|
Percentile | 82.1% |

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS
users to cause a denial of service via a VCPUOP_initialise hypercall.
hypercall_create_continuation() is a variadic function which uses a
printf-like format string to interpret its parameters. Error handling for a
bad format character was done using BUG(), which crashes Xen. One path, via
the VCPUOP_initialise hypercall, has a bad format character. The BUG() can
be hit if VCPUOP_initialise executes for a sufficiently long period of time
for a continuation to be created. Malicious guests may cause a hypervisor
crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer
are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86
PV guests can exploit the vulnerability. HVM and PVH guests, and guests on
ARM systems, cannot exploit the vulnerability.
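
The failure mode described above, as an added example (not Xen's code and not its actual fix): a variadic routine that interprets its arguments through a format string and returns an error on an unknown character instead of taking a fatal assertion. The `struct continuation` layout, the `i`/`l`/`h` character set, `MAX_ARGS` and the function signature are assumptions made for illustration.

```c
#include <errno.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_ARGS 6  /* assumed limit for this sketch */

/* Hypothetical saved state for a restarted call (not Xen's structures). */
struct continuation {
    unsigned int  op;
    unsigned long args[MAX_ARGS];
    size_t        nr_args;
};

/*
 * Interpret the variadic arguments according to fmt, one character per
 * argument. The set i/l/h (unsigned int, unsigned long, pointer) is an
 * assumption of this example. Returns 0, or -EINVAL with *c unchanged.
 */
int create_continuation(struct continuation *c, unsigned int op,
                        const char *fmt, ...)
{
    struct continuation tmp = { .op = op };
    va_list ap;
    int rc = 0;

    va_start(ap, fmt);
    for (; *fmt && rc == 0; fmt++) {
        if (tmp.nr_args == MAX_ARGS) {
            rc = -EINVAL;  /* more format characters than argument slots */
            break;
        }
        switch (*fmt) {
        case 'i': tmp.args[tmp.nr_args++] = va_arg(ap, unsigned int); break;
        case 'l': tmp.args[tmp.nr_args++] = va_arg(ap, unsigned long); break;
        case 'h': tmp.args[tmp.nr_args++] = (uintptr_t)va_arg(ap, void *); break;
        default:
            /* Behaviour described on the page: BUG() here, a host-wide
             * crash. Failing only this call contains the error. */
            rc = -EINVAL;
            break;
        }
    }
    va_end(ap);

    if (rc == 0)
        *c = tmp;  /* commit only a fully parsed continuation */
    return rc;
}
```

Because the bad character is only reached when a continuation is actually created, a test that exercises every caller's format string through this path catches the error before it depends on timing.
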
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |