CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:P/I:P/A:P
EPSS
Percentile
26.7%
libvchan (a library for inter-domain communication) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause a libvchan-using facility to read or write past the end of the ring.
libvchan-using facilities are vulnerable to denial of service and perhaps privilege escalation.
There are no such services provided in the upstream Xen Project codebase.
All versions of libvchan are vulnerable. Only installations which use libvchan for communication involving untrusted domains are vulnerable.
libvirt, xapi, xend, libxl and xl do not use libvchan. If your installation contains other Xen-related software components it is possible that they use libvchan and might be vulnerable.
Xen versions 4.1 and earlier do not contain libvchan.