CVE-2015-6654
Xen 4.5.x and earlier - Denial of Service via xenmem_add_to_physmap_one Console Message Flood
Title source: llmDescription
The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-141.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3414
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033438
Scores
EPSS
0.0005
EPSS Percentile
14.8%
Details
CWE
CWE-264
Status
published
Products (3)
xen/xen
4.4.0
xen/xen
4.5.0
xen/xen
4.5.1
Published
Sep 03, 2015
Tracked Since
Feb 18, 2026