CVE-2015-7969

Severity

49%

Complexity

39%

Confidentiality

115%

Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

Xen

First reported 9 years ago

2015-10-30 15:59:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Xen 4.0.0

4.0.0

Xen 4.0.1

4.0.1

Xen 4.0.2

4.0.2

Xen 4.0.3

4.0.3

Xen 4.0.4

4.0.4

Xen 4.1.0

4.1.0

Xen 4.1.1

4.1.1

Xen 4.1.2

4.1.2

Xen 4.1.3

4.1.3

Xen 4.1.4

4.1.4

Xen 4.1.5

4.1.5

Xen 4.1.6.1

4.1.6.1

Xen 4.2.0

4.2.0

Xen 4.2.1

4.2.1

Xen 4.2.2

4.2.2

Xen 4.2.3

4.2.3

Xen Xen 4.3.0

4.3.0

Xen 4.3.1

4.3.1

Xen Xen 4.3.2

4.3.2

Xen 4.3.4

4.3.4

Xen Xen 4.4.0

4.4.0

Xen Xen 4.5.0

4.5.0

Xen Xen 4.5.1

4.5.1

Xen Xen 4.6.0

4.6.0

References

FEDORA-2015-a931b02be2

FEDORA-2015-6f6b79efe2

FEDORA-2015-242be2c240

openSUSE-SU-2015:1965

http://support.citrix.com/article/CTX202404

DSA-3414

77364

1034033

http://xenbits.xen.org/xsa/advisory-149.html

Vendor Advisory

http://xenbits.xen.org/xsa/advisory-151.html