CVE-2015-8338
xen - security update
EPSS 0.20%
Description
Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.
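How to fix CVE-2015-8338
To fix CVE-2015-8338, upgrade the affected packages to the patched versions listed below.
- Debian/xen: upgrade to 4.8.0~rc3-1 or later
- upgrade to 4.4.1-9+deb8u6 or later
Is CVE-2015-8338 being exploited?
Low: EPSS is 0.2%, and no large-scale exploitation activity has been observed so far.
Affected packages (2)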
- from 0, < 4.8.0~rc3-1
- from 0, < 4.4.1-9+deb8u6