CVE-2015-7835

Description

The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.

CVSS Metrics

• v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.10%• Percentile: 27%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

• CWE-264•Permissions, Privileges, and Access Controls

  Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

• xen•xen

  3.4.0 | 3.4.1 | 3.4.2 | 3.4.3 | 3.4.4 | 4.0.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.1.0 | 4.1.1 | 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.1.6.1 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.4 | 4.4.0 | 4.4.1 | 4.5.0 | 4.5.1 | 4.6.0

References (12)

• http://support.citrix.com/article/CTX202404
• http://www.securityfocus.com/bid/77366
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html
• http://xenbits.xen.org/xsa/advisory-148.html
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
• https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt
• http://www.debian.org/security/2015/dsa-3390
• http://www.securitytracker.com/id/1034032
• http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html
• https://security.gentoo.org/glsa/201604-03