CVE-2015-7835 — Improper Input Validation in XEN

CWE-20 — Improper Input Validation CWE-2647 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 73.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedOct 30

Latest updateMay 14

Description

The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.6.0-1 (bookworm)

▶Debianxen/xen< 4.6.0-1+3

▶NVDxen/xen30 versions+29

🔴Vulnerability Details

GHSA

GHSA-4rfc-hjfx-gw3f: The mod_l2_entry function in arch/x86/mm↗2022-05-14

▶

OSV

CVE-2015-7835: The mod_l2_entry function in arch/x86/mm↗2015-10-30

▶

📋Vendor Advisories

Red Hat

xen: Uncontrolled creation of large page mappings by PV guests on x86↗2015-10-29

▶

Debian

CVE-2015-7835: xen - The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not pro...↗2015

▶

💬Community

Bugzilla

CVE-2015-7969 CVE-2015-7970 CVE-2015-7813 CVE-2015-7814 CVE-2015-7812 CVE-2015-7971 CVE-2015-7835 CVE-2015-7972 xen: various flaws [fedora-all]↗2015-10-29

▶

Bugzilla

CVE-2015-7835 xen: Uncontrolled creation of large page mappings by PV guests on x86↗2015-10-15

▶