XenSource Xen 4.4/4.5 hypercalls HYPERCALL_xenoprof_op/HYPERVISOR_xenpmu_op denial of service

A vulnerability classified as problematic was found in XenSource Xen 4.4/4.5 (Virtualization Software). Affected is the function HYPERCALL_xenoprof_op/HYPERVISOR_xenpmu_op of the component hypercalls Handler. Applying a patch eliminates the problem. A possible mitigation was published immediately after the disclosure of the vulnerability.

Field | 02/03/2018 09:36 | 25/06/2022 14:31 | 25/06/2022 14:33
type | Virtualization Software | Virtualization Software | Virtualization Software
vendor | XenSource | XenSource | XenSource
name | Xen | Xen | Xen
version | 4.4/4.5 | 4.4/4.5 | 4.4/4.5
component | hypercalls Handler | hypercalls Handler | hypercalls Handler
function | HYPERCALL_xenoprof_op/HYPERVISOR_xenpmu_op | HYPERCALL_xenoprof_op/HYPERVISOR_xenpmu_op | HYPERCALL_xenoprof_op/HYPERVISOR_xenpmu_op
cwe | 19 | 19 | 19
risk | 1 | 1 | 1
cvss2_vuldb_basescore | 2.1 | 2.1 | 2.1
cvss2_vuldb_tempscore | 1.6 | 1.6 | 1.6
cvss2_vuldb_av | L | L | L
cvss2_vuldb_ac | L | L | L
cvss2_vuldb_au | N | N | N
cvss2_vuldb_ci | N | N | N
cvss2_vuldb_ii | N | N | N
cvss2_vuldb_ai | P | P | P
cvss2_nvd_av | L | L | L
cvss2_nvd_ac | L | L | L
cvss2_nvd_au | N | N | N
cvss2_nvd_ci | N | N | N
cvss2_nvd_ii | N | N | N
cvss2_nvd_ai | P | P | P
cvss3_meta_basescore | 4.0 | 4.0 | 4.0
cvss3_meta_tempscore | 3.5 | 3.5 | 3.5
cvss3_vuldb_basescore | 4.0 | 4.0 | 4.0
cvss3_vuldb_tempscore | 3.5 | 3.5 | 3.5
date | 1446076800 (29/10/2015) | 1446076800 (29/10/2015) | 1446076800 (29/10/2015)
location | Website | Website | Website
type | Security Advisory | Security Advisory | Security Advisory
url | http://xenbits.xen.org/xsa/advisory-152.html | http://xenbits.xen.org/xsa/advisory-152.html | http://xenbits.xen.org/xsa/advisory-152.html
identifier | XSA-152 | XSA-152 | XSA-152
price_0day | $5k-$25k | $0-$5k | $0-$5k
name | Patch | Patch | Patch
date | 1446076800 (29/10/2015) | 1446076800 (29/10/2015) | 1446076800 (29/10/2015)
cve | CVE-2015-7971 | CVE-2015-7971 | CVE-2015-7971
cve_assigned | 1445558400 (23/10/2015) | 1445558400 (23/10/2015) | 1445558400 (23/10/2015)
cve_nvd_published | 1446163200 | 1446163200 | 1446163200
securityfocus | 77363 | 77363 | 77363
securityfocus_title | Xen CVE-2015-7971 Denial of Service Vulnerability | Xen CVE-2015-7971 Denial of Service Vulnerability | Xen CVE-2015-7971 Denial of Service Vulnerability
vulnerabilitycenter | 54044 | 54044 | 54044
vulnerabilitycenter_title | Xen Remote DoS Vulnerability due to a Failure to Handle Exceptional Conditions via Hypervisor Console | Xen Remote DoS Vulnerability due to a Failure to Handle Exceptional Conditions via Hypervisor Console | Xen Remote DoS Vulnerability due to a Failure to Handle Exceptional Conditions via Hypervisor Console
vulnerabilitycenter_severity | Medium | Medium | Medium
vulnerabilitycenter_creationdate | 1446163200 | 1446163200 | 1446163200
vulnerabilitycenter_lastupdate | 1510617600 | 1510617600 | 1510617600
vulnerabilitycenter_reportingdate | 1446076800 | 1446076800 | 1446076800
xforce | 107670 | 107670 | 107670
xforce_title | Xen hypercalls denial of service | Xen hypercalls denial of service | Xen hypercalls denial of service
xforce_identifier | xen-cve20157971-dos | xen-cve20157971-dos | xen-cve20157971-dos
nessus_id | 86841 | 86841 | 86841
nessus_filename | freebsd_pkg_e4848ca4882011e5ab94002590263bf5.nasl | freebsd_pkg_e4848ca4882011e5ab94002590263bf5.nasl | freebsd_pkg_e4848ca4882011e5ab94002590263bf5.nasl
openvas_id | 703414 | 703414 | 703414
openvas_filename | deb_3414.nasl | deb_3414.nasl | deb_3414.nasl
openvas_title | Debian Security Advisory DSA 3414-1 (xen - security update) | Debian Security Advisory DSA 3414-1 (xen - security update) | Debian Security Advisory DSA 3414-1 (xen - security update)
openvas_family | Debian Local Security Checks | Debian Local Security Checks | Debian Local Security Checks
qualys_id | 370027 | 370027 | 370027
qualys_title | Citrix XenServer Security Update (CTX202404) | Citrix XenServer Security Update (CTX202404) | Citrix XenServer Security Update (CTX202404)
seealso | 78957 78959 78963 | 78957 78959 78963 | 78957 78959 78963
cvss2_vuldb_e | U | U | U
cvss2_vuldb_rl | OF | OF | OF
cvss2_vuldb_rc | C | C | C
cvss3_vuldb_e | U | U | U
cvss3_vuldb_rl | O | O | O
cvss3_vuldb_rc | C | C | C
cvss3_vuldb_av | L | L | L
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_pr | N | N | N
cvss3_vuldb_ui | N | N | N
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | N | N | N
cvss3_vuldb_i | N | N | N
cvss3_vuldb_a | L | L | L
person_name | Jan Beulich | Jan Beulich | Jan Beulich
company_name | SuSE | SuSE | SuSE
confirm_url | http://xenbits.xen.org/xsa/advisory-152.html | http://xenbits.xen.org/xsa/advisory-152.html | http://xenbits.xen.org/xsa/advisory-152.html
oval_id | oval:org.cisecurity:def:336 | oval:org.cisecurity:def:336 | oval:org.cisecurity:def:336
securityfocus_date | 1446076800 (29/10/2015) | 1446076800 (29/10/2015) | 1446076800 (29/10/2015)
securityfocus_class | Failure to Handle Exceptional Conditions | Failure to Handle Exceptional Conditions | Failure to Handle Exceptional Conditions
sectracker | 1034035 | 1034035
cve_nvd_summary | Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c. | Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.
cvss2_nvd_basescore | 2.1 | 2.1
nessus_risk | Low
