XenSource Xen 4.0/4.1/4.2/4.4 vcpu Pointer Array denial of service

A vulnerability classified as problematic has been found in XenSource Xen 4.0/4.1/4.2/4.4 (Virtualization Software). Affected by this issue is an unknown function of the component vcpu Pointer Array. Applying a patch eliminates the problem. A possible mitigation was published immediately after the disclosure of the vulnerability.

Field | 02/03/2018 09:34 | 25/06/2022 14:23 | 25/06/2022 14:26
type | Virtualization Software | Virtualization Software | Virtualization Software
vendor | XenSource | XenSource | XenSource
name | Xen | Xen | Xen
version | 4.0/4.1/4.2/4.4 | 4.0/4.1/4.2/4.4 | 4.0/4.1/4.2/4.4
component | vcpu Pointer Array | vcpu Pointer Array | vcpu Pointer Array
cwe | 399 (denial of service) | 399 (denial of service) | 399 (denial of service)
risk | 1 | 1 | 1
cvss2_vuldb_basescore | 2.1 | 2.1 | 2.1
cvss2_vuldb_tempscore | 1.6 | 1.6 | 1.6
cvss2_vuldb_av | L | L | L
cvss2_vuldb_ac | L | L | L
cvss2_vuldb_au | N | N | N
cvss2_vuldb_ci | N | N | N
cvss2_vuldb_ii | N | N | N
cvss2_vuldb_ai | P | P | P
cvss2_nvd_av | L | L | L
cvss2_nvd_ac | L | L | L
cvss2_nvd_au | N | N | N
cvss2_nvd_ci | N | N | N
cvss2_nvd_ii | N | N | N
cvss2_nvd_ai | C | C | C
cvss3_meta_basescore | 4.0 | 4.0 | 4.0
cvss3_meta_tempscore | 3.5 | 3.5 | 3.5
cvss3_vuldb_basescore | 4.0 | 4.0 | 4.0
cvss3_vuldb_tempscore | 3.5 | 3.5 | 3.5
date | 1446076800 (29/10/2015) | 1446076800 (29/10/2015) | 1446076800 (29/10/2015)
location | Website | Website | Website
type | Security Advisory | Security Advisory | Security Advisory
url | http://xenbits.xen.org/xsa/advisory-149.html | http://xenbits.xen.org/xsa/advisory-149.html | http://xenbits.xen.org/xsa/advisory-149.html
identifier | XSA-149 | XSA-149 | XSA-149
price_0day | $5k-$25k | $0-$5k | $0-$5k
name | Patch | Patch | Patch
date | 1446076800 (29/10/2015) | 1446076800 (29/10/2015) | 1446076800 (29/10/2015)
cve | CVE-2015-7969 | CVE-2015-7969 | CVE-2015-7969
cve_assigned | 1445558400 (23/10/2015) | 1445558400 (23/10/2015) | 1445558400 (23/10/2015)
cve_nvd_published | 1446163200 | 1446163200 | 1446163200
securityfocus | 77364 | 77364 | 77364
securityfocus_title | Xen CVE-2015-7969 Multiple Denial of Service Vulnerabilities | Xen CVE-2015-7969 Multiple Denial of Service Vulnerabilities | Xen CVE-2015-7969 Multiple Denial of Service Vulnerabilities
vulnerabilitycenter | 54041 | 54041 | 54041
vulnerabilitycenter_title | Xen 4.0 - 4.6 and 4.6.* Remote DoS due to Memory Leak | Xen 4.0 - 4.6 and 4.6.* Remote DoS due to Memory Leak | Xen 4.0 - 4.6 and 4.6.* Remote DoS due to Memory Leak
vulnerabilitycenter_severity | Medium | Medium | Medium
vulnerabilitycenter_creationdate | 1446163200 | 1446163200 | 1446163200
vulnerabilitycenter_lastupdate | 1510617600 | 1510617600 | 1510617600
vulnerabilitycenter_reportingdate | 1446076800 | 1446076800 | 1446076800
xforce | 107668 | 107668 | 107668
xforce_title | Xen pointer array denial of service | Xen pointer array denial of service | Xen pointer array denial of service
xforce_identifier | xen-cve20157969-dos | xen-cve20157969-dos | xen-cve20157969-dos
nessus_id | 86840 | 86840 | 86840
nessus_filename | freebsd_pkg_e3792855881f11e5ab94002590263bf5.nasl | freebsd_pkg_e3792855881f11e5ab94002590263bf5.nasl | freebsd_pkg_e3792855881f11e5ab94002590263bf5.nasl
openvas_id | 703414 | 703414 | 703414
openvas_filename | deb_3414.nasl | deb_3414.nasl | deb_3414.nasl
openvas_title | Debian Security Advisory DSA 3414-1 (xen - security update) | Debian Security Advisory DSA 3414-1 (xen - security update) | Debian Security Advisory DSA 3414-1 (xen - security update)
openvas_family | Debian Local Security Checks | Debian Local Security Checks | Debian Local Security Checks
qualys_id | 168296 | 168296 | 168296
qualys_title | SUSE Enterprise Linux Security update for xen (SUSE-SU-2015:2306-1) | SUSE Enterprise Linux Security update for xen (SUSE-SU-2015:2306-1) | SUSE Enterprise Linux Security update for xen (SUSE-SU-2015:2306-1)
seealso | 79345 79749 | 79345 79749 | 79345 79749
cvss2_vuldb_e | U | U | U
cvss2_vuldb_rl | OF | OF | OF
cvss2_vuldb_rc | C | C | C
cvss3_vuldb_e | U | U | U
cvss3_vuldb_rl | O | O | O
cvss3_vuldb_rc | C | C | C
cvss3_vuldb_av | L | L | L
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_pr | N | N | N
cvss3_vuldb_ui | N | N | N
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | N | N | N
cvss3_vuldb_i | N | N | N
cvss3_vuldb_a | L | L | L
person_name | Jan Beulich | Jan Beulich | Jan Beulich
company_name | Citrix | Citrix | Citrix
confirm_url | http://xenbits.xen.org/xsa/advisory-149.html | http://xenbits.xen.org/xsa/advisory-149.html | http://xenbits.xen.org/xsa/advisory-149.html
oval_id | oval:org.cisecurity:def:336 | oval:org.cisecurity:def:336 | oval:org.cisecurity:def:336
securityfocus_date | 1446076800 (29/10/2015) | 1446076800 (29/10/2015) | 1446076800 (29/10/2015)
securityfocus_class | Input Validation Error | Input Validation Error | Input Validation Error
sectracker | 1034033 | 1034033
cve_nvd_summary | Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. | Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.
cvss2_nvd_basescore | 4.9 | 4.9
nessus_risk | Medium
