CVE-2015-7835

Loading...

General

Score:7.2/10.0
Severity:Medium
Category:Input Validation Error
Exploit:Available

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Local
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2014-0222, CVE-2015-3259, CVE-2015-4037, CVE-2015-4106, CVE-2015-5154, CVE-2015-5239, CVE-2015-5307, CVE-2015-6815, CVE-2015-7311, CVE-2015-7504, CVE-2015-7969, CVE-2015-7970, CVE-2015-7971, CVE-2015-7972, CVE-2015-8104, CVE-2015-8339, CVE-2015-8340, CVE-2015-8341, CVE-2015-8345

Published on 30/10/15 - Updated on 01/07/17

Description

The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2015-7835
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-458
Debian DSA-3390-1
Renater 2015/VULN240
SUSE SUSE-SU-2015:1853, SUSE-SU-2015:1894, SUSE-SU-2015:1908, SUSE-SU-2015:1952, SUSE-SU-2015:2324, SUSE-SU-2015:2328, SUSE-SU-2015:2338

Exploits

SecurityFocusBID-77366

Relative technologies

VendorProduct
xenxen

Share this vulnerability with:

Twitter Facebook LinkedIn Mail