ID CVE-2015-8338
Summary Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.
References
Vulnerable Configurations
  • Xen Xen 4.6.0
    cpe:2.3:o:xen:xen:4.6.0
CVSS
Base: 7.2 (as of 18-12-2015 - 11:21)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3633.NASL
    description Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-8338 Julien Grall discovered that Xen on ARM was susceptible to denial of service via long running memory operations. - CVE-2016-4480 Jan Beulich discovered that incorrect page table handling could result in privilege escalation inside a Xen guest instance. - CVE-2016-4962 Wei Liu discovered multiple cases of missing input sanitising in libxl which could result in denial of service. - CVE-2016-5242 Aaron Cornelius discovered that incorrect resource handling on ARM systems could result in denial of service. - CVE-2016-6258 Jeremie Boutoille discovered that incorrect pagetable handling in PV instances could result in guest to host privilege escalation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 92614
    published 2016-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92614
    title Debian DSA-3633-1 : xen - security update (Bunker Buster)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-08E4AF5A20.NASL
    description eepro100: Prevent two endless loops [CVE-2015-8345] (#1285215), pcnet: fix rx buffer overflow [CVE-2015-7512], ui: vnc: avoid floating point exception [CVE-2015-8504], additional patch for [XSA-158, CVE-2015-8338] long running memory operations on ARM [XSA-158, CVE-2015-8338] XENMEM_exchange error handling issues [XSA-159, CVE-2015-8339, CVE-2015-8340] libxl leak of pv kernel and initrd on error [XSA-160, CVE-2015-8341] ---- heap buffer overflow vulnerability in pcnet emulator [XSA-162, CVE-2015-7504], virtual PMU is unsupported [XSA-163] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89135
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89135
    title Fedora 22 : xen-4.5.2-5.fc22 (2015-08e4af5a20)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-12A089920E.NASL
    description eepro100: Prevent two endless loops [CVE-2015-8345], pcnet: fix rx buffer overflow [CVE-2015-7512], ui: vnc: avoid floating point exception [CVE-2015-8504], additional patch for [XSA-158, CVE-2015-8338] long running memory operations on ARM [XSA-158, CVE-2015-8338] XENMEM_exchange error handling issues [XSA-159, CVE-2015-8339, CVE-2015-8340] libxl leak of pv kernel and initrd on error [XSA-160, CVE-2015-8341] ---- heap buffer overflow vulnerability in pcnet emulator [XSA-162, CVE-2015-7504], virtual PMU is unsupported [XSA-163] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89151
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89151
    title Fedora 23 : xen-4.5.2-5.fc23 (2015-12a089920e)
refmap via4
bid 78920
confirm http://xenbits.xen.org/xsa/advisory-158.html
debian DSA-3633
sectrack 1034390
Last major update 07-12-2016 - 13:26
Published 17-12-2015 - 14:59
Back to Top