CVSS2: 1.9 Low
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
EPSS: 0.001 Low (Percentile: 26.7%)
A change to an internal interface within the hypervisor invalidated an ASSERT in a caller of that API. This code path is exposed to PV guests via a hypercall, allowing administrators of PV guests to crash the hypervisor if it is built with debugging enabled.
Malicious administrators of PV guests running on hypervisors built with the non-default debug=y option can crash the host.
Systems running Xen 4.2 and unstable are vulnerable to this issue. Xen 4.1 and earlier are not vulnerable.
Only systems built with debugging enabled are vulnerable. Debugging is not enabled by default.
Systems running PV guests or HVM guests using stubdomains are vulnerable. Systems which run only HVM guests without stubdomains are not vulnerable.