CVE-2015-7971 — XEN vulnerability

CWE-197 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 78.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedOct 30

Latest updateMay 14

Description

Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.6.0-1 (bookworm)

▶Debianxen/xen< 4.6.0-1+3

▶NVDxen/xen37 versions+36

🔴Vulnerability Details

GHSA

GHSA-p377-fgpq-vgvx: Xen 3↗2022-05-14

▶

OSV

CVE-2015-7971: Xen 3↗2015-10-30

▶

📋Vendor Advisories

Red Hat

xen: Some pmu and profiling hypercalls log without rate limiting on x86↗2015-10-29

▶

Debian

CVE-2015-7971: xen - Xen 3.2.x through 4.6.x does not limit the number of printk console messages whe...↗2015

▶

💬Community

Bugzilla

CVE-2015-7969 CVE-2015-7970 CVE-2015-7813 CVE-2015-7814 CVE-2015-7812 CVE-2015-7971 CVE-2015-7835 CVE-2015-7972 xen: various flaws [fedora-all]↗2015-10-29

▶

Bugzilla

CVE-2015-7971 xen: Some pmu and profiling hypercalls log without rate limiting on x86↗2015-10-16

▶