Xen ProjectXSA-83Out-of-memory condition yielding memory corruption during IRQ setup
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
35.5%
ISSUE DESCRIPTION
When setting up the IRQ for a passed through physical device, a flaw in the error handling could result in a memory allocation being used after it is freed, and then freed a second time. This would typically result in memory corruption.
IMPACT
Malicious guest administrators can trigger a use-after-free error, resulting in hypervisor memory corruption. The effects of memory corruption could be anything, including a host-wide denial of service, or privilege escalation.
VULNERABLE SYSTEMS
Xen 4.2.x and later are vulnerable. Xen 4.1.x and earlier are not vulnerable.
Only systems making use of device passthrough are vulnerable.
Only systems with a 64-bit hypervisor configured to support more than 128 CPUs or with a 32-bit hypervisor configured to support more than 64 CPUs are vulnerable.
Related
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
35.5%