CVE-2015-8615 - The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of prin

CVE-2015-8615

Summary

The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ).

References

http://www.securityfocus.com/bid/79644
http://www.securitytracker.com/id/1034512
http://xenbits.xen.org/xsa/advisory-169.html

Vulnerable Configurations

cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 28-11-2016 - 19:48)
Impact:
Exploitability:

CWE

CWE-254

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	79644
confirm	http://xenbits.xen.org/xsa/advisory-169.html
sectrack	1034512

Last major update

28-11-2016 - 19:48

Published

08-01-2016 - 19:59

Last modified

28-11-2016 - 19:48