4.9

CVE-2015-2752

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version20
FedoraprojectFedora Version21
XenXen Version4.3.0
XenXen Version4.3.1
XenXen Version4.3.2
XenXen Version4.4.0
XenXen Version4.4.1 Update-
XenXen Version4.5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.359
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201504-04
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154574.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154579.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155198.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
http://www.securityfocus.com/bid/73448
http://www.securitytracker.com/id/1031994
Third Party Advisory
VDB Entry
http://xenbits.xen.org/xsa/advisory-125.html
Patch
Vendor Advisory