CVE-2015-8615

MEDIUM

Xen 4.6 - DoS

Title source: llm

Description

The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ).

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/79644

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034512

[Vendor Advisory] http://xenbits.xen.org/xsa/advisory-169.html

Scores

CVSS v3 5.0

EPSS 0.0024

EPSS Percentile 47.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Classification

CWE

CWE-254

Status draft

Affected Products (1)

xen/xen

Timeline

Published Jan 08, 2016

Tracked Since Feb 18, 2026