CVE-2017-15596 — Uncontrolled Resource Consumption in XEN

CWE-400 — Uncontrolled Resource Consumption CWE-770 — Allocation of Resources Without Limits or Throttling8 documents7 sources

Severity

6.0MEDIUMNVD

EPSS

0.1%

top 76.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedOct 18

Latest updateMay 17

Description

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.1-1+deb9u3 (bookworm)

▶Debianxen/xen< 4.8.1-1+deb9u3+3

▶NVDxen/xen26 versions+25

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-9vx2-2784-8w2r: An issue was discovered in Xen 4↗2022-05-17

▶

OSV

CVE-2017-15596: An issue was discovered in Xen 4↗2017-10-18

▶

📋Vendor Advisories

Red Hat

xen: add-to-physmap error paths fail to release lock on ARM↗2017-08-23

▶

Debian

CVE-2017-15596: xen - An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users t...↗2017

▶

📄Research Papers

arXiv

Fine Grained Dataflow Tracking with Proximal Gradients↗2021-02-24

▶

💬Community

Bugzilla

CVE-2017-15596 xen: xsa235 xen: add-to-physmap error paths fail to release lock on ARM [fedora-all]↗2017-10-18

▶

Bugzilla

CVE-2017-15596 xsa235 xen: add-to-physmap error paths fail to release lock on ARM↗2017-08-23

▶