CVE-2015-7970 - The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not

CVE-2015-7970

Summary

The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand.

References

Vulnerable Configurations

cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 01-07-2017 - 01:29)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	77362
confirm	http://support.citrix.com/article/CTX202404 http://xenbits.xen.org/xsa/advisory-150.html
debian	DSA-3414
fedora	FEDORA-2015-242be2c240 FEDORA-2015-6f6b79efe2 FEDORA-2015-a931b02be2
gentoo	GLSA-201604-03
sectrack	1034034
suse	openSUSE-SU-2015:2250

Last major update

01-07-2017 - 01:29

Published

30-10-2015 - 15:59

Last modified

01-07-2017 - 01:29