Vulnerability Description
Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 3.2.0 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.h
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
- http://support.citrix.com/article/CTX202404
- http://www.debian.org/security/2015/dsa-3414
- http://www.securityfocus.com/bid/77363
- http://www.securitytracker.com/id/1034035
- http://xenbits.xen.org/xsa/advisory-152.htmlVendor Advisory
- https://security.gentoo.org/glsa/201604-03
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.h
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
- http://support.citrix.com/article/CTX202404
FAQ
What is CVE-2015-7971?
CVE-2015-7971 is a vulnerability with a CVSS score of 2.1 (LOW). Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of...
How severe is CVE-2015-7971?
CVE-2015-7971 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7971?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.