CVE-2015-2752

EPSS 0.12%
Veröffentlicht 01.04.2015 14:59:06
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Version20

Fedoraproject ≫ Fedora Version21

Xen ≫ Xen Version4.3.0

Xen ≫ Xen Version4.3.1

Xen ≫ Xen Version4.3.2

Xen ≫ Xen Version4.4.0

Xen ≫ Xen Version4.4.1 Update-

Xen ≫ Xen Version4.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.319

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201504-04

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154574.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154579.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155198.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html

http://www.securityfocus.com/bid/73448

http://www.securitytracker.com/id/1031994

Third Party Advisory

VDB Entry