CVE-2015-0268 — Improper Input Validation in XEN

CWE-20 — Improper Input Validation6 documents5 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 84.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedFeb 16

Latest updateMay 14

Description

The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages2 packages

▶NVDxen/xen4.5.0

▶debiandebian/xen

🔴Vulnerability Details

GHSA

GHSA-67x7-673j-9cxp: The vgic_v2_to_sgi function in arch/arm/vgic-v2↗2022-05-14

▶

📋Vendor Advisories

Red Hat

xen: GICD_SGIR is not properly emulated on ARM architecture (XSA-117)↗2015-02-12

▶

Debian

CVE-2015-0268: xen - The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ...↗2015

▶

💬Community

Bugzilla

CVE-2015-0268 xen: GICD_SGIR is not properly emulated on ARM architecture (XSA-117) [fedora-all]↗2015-02-20

▶

Bugzilla

CVE-2015-0268 xen: GICD_SGIR is not properly emulated on ARM architecture (XSA-117)↗2015-01-29

▶