CVE-2015-2752

Loading...

General

Score:4.9/10.0
Severity:Low
Category:Input Validation Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Complete

Exploitability Metrics

Access Vector:Local
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2015-2751, CVE-2015-2756, CVE-2015-3340, CVE-2015-3456, CVE-2015-5165, CVE-2015-5307, CVE-2015-7969, CVE-2015-7970, CVE-2015-7971, CVE-2015-7972, CVE-2015-8104, CVE-2015-8339, CVE-2015-8340, CVE-2015-8550, CVE-2015-8554, CVE-2015-8555, CVE-2015-8615, CVE-2016-1570, CVE-2016-1571, CVE-2016-2270, CVE-2016-2271

Published on 01/04/15 - Updated on 30/10/18

Description

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2015-2752
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-130
Debian LTSDLA-479-1
Renater 2015/VULN030
SUSE SUSE-SU-2015:0701, SUSE-SU-2015:0923

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
fedoraprojectfedora
xenxen

Share this vulnerability with:

Twitter Facebook LinkedIn Mail