CVE-2015-4163
Advisory lineage Upstream: 0 Downstream: 5
Modified
Published: 15 Jun 2015, 15:00
Last modified:06 Aug 2024, 06:04
Vulnerability Summary
Overall Risk (default)
low
20/100 CVSS Score
4.9 MEDIUM
v2.0 (nvd)
EPSS Score
0.12% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
15 Jun 2015, 15:00
Published
Vulnerability first disclosed
06 Aug 2024, 06:04
Last Modified
Vulnerability information updated
Description
GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 0.12%• Percentile: 31%
Affected Systems
- xen•xen
4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.3.0 | 4.3.1 | 4.3.4 | 4.4.0 | 4.4.0:rc1 | 4.4.1 | 4.5.0
References (10)
- https://support.citrix.com/article/CTX206006
- http://www.debian.org/security/2015/dsa-3286
- http://www.securityfocus.com/bid/75141
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
- http://support.citrix.com/article/CTX201145
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
- http://xenbits.xen.org/xsa/advisory-134.html
- https://security.gentoo.org/glsa/201604-03
- http://www.securitytracker.com/id/1032568
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html