CVE-2015-8338

EPSS 0.20%

xen - security update

Published: 12/17/2015Modified: 4/28/2026

Description

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.

Affected packages (2)

Debian/xenfrom 0, < 4.8.0~rc3-1
Debian/xenfrom 0, < 4.4.1-9+deb8u6

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-8338