CVE-2015-8615 — XEN vulnerability

CWE-2546 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 52.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedJan 8

Latest updateMay 17

Description

The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:LExploitability: 3.1 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.0~rc3-1 (bookworm)

▶Debianxen/xen< 4.8.0~rc3-1+3

▶NVDxen/xen4.6.0

🔴Vulnerability Details

GHSA

GHSA-5p4h-mjwj-j325: The hvm_set_callback_via function in arch/x86/hvm/irq↗2022-05-17

▶

OSV

CVE-2015-8615: The hvm_set_callback_via function in arch/x86/hvm/irq↗2016-01-08

▶

📋Vendor Advisories

Red Hat

xen: Unintentional logging upon guest changing callback method on x86↗2015-12-21

▶

Debian

CVE-2015-8615: xen - The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limi...↗2015

▶

💬Community

Bugzilla

CVE-2015-8615 xen: Unintentional logging upon guest changing callback method on x86↗2015-12-22

▶