CVE-2015-7813 — XEN vulnerability

CWE-3997 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 77.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedOct 30

Latest updateMay 14

Description

Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.6.0-1 (bookworm)

▶Debianxen/xen< 4.6.0-1+3

▶NVDxen/xen5 versions+4

🔴Vulnerability Details

GHSA

GHSA-r32v-853x-3fjx: Xen 4↗2022-05-14

▶

OSV

CVE-2015-7813: Xen 4↗2015-10-30

▶

📋Vendor Advisories

Red Hat

xen: Various unimplemented hypercalls log without rate limiting on ARM↗2015-10-29

▶

Debian

CVE-2015-7813: xen - Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages...↗2015

▶

💬Community

Bugzilla

CVE-2015-7969 CVE-2015-7970 CVE-2015-7813 CVE-2015-7814 CVE-2015-7812 CVE-2015-7971 CVE-2015-7835 CVE-2015-7972 xen: various flaws [fedora-all]↗2015-10-29

▶

Bugzilla

CVE-2015-7813 xen: Various unimplemented hypercalls log without rate limiting on ARM↗2015-10-14

▶