Description
The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that trigger a "time-consuming linear scan," related to Populate-on-Demand.
CVSS vector
AV:L/AC:L/C:N/I:N/A:C
Exploitability: 3.9 | Impact: 6.9
Complexity: Low
Confidentiality: None
Integrity: None
Affected Packages: 3 packages
Vulnerability Details (2)
GHSA: GHSA-3g2j-g4j4-88m6: The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod (2022-05-17)
OSV: CVE-2015-7970: The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod (2015-10-30)
Vendor Advisories (2)
Red Hat: xen: Long latency populate-on-demand operation is not preemptible on x86 (2015-10-29)
Debian: CVE-2015-7970: xen - The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.... (2015)
Community (2)
Bugzilla: CVE-2015-7969 CVE-2015-7970 CVE-2015-7813 CVE-2015-7814 CVE-2015-7812 CVE-2015-7971 CVE-2015-7835 CVE-2015-7972 xen: various flaws [fedora-all] (2015-10-29)
Bugzilla: CVE-2015-7970 xen: Long latency populate-on-demand operation is not preemptible on x86 (2015-10-16)