{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-10-29T00:00:00", "descriptions": [{"lang": "en", "value": "The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX202404"}, {"name": "77366", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77366"}, {"name": "FEDORA-2015-242be2c240", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html"}, {"name": "FEDORA-2015-a931b02be2", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-148.html"}, {"name": "openSUSE-SU-2015:2250", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt"}, {"name": "DSA-3390", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3390"}, {"name": "1034032", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034032"}, {"name": "openSUSE-SU-2015:1965", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"}, {"name": "FEDORA-2015-6f6b79efe2", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html"}, {"name": "GLSA-201604-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201604-03"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7835", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.citrix.com/article/CTX202404", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX202404"}, {"name": "77366", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77366"}, {"name": "FEDORA-2015-242be2c240", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html"}, {"name": "FEDORA-2015-a931b02be2", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html"}, {"name": "http://xenbits.xen.org/xsa/advisory-148.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-148.html"}, {"name": "openSUSE-SU-2015:2250", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"}, {"name": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt", "refsource": "MISC", "url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt"}, {"name": "DSA-3390", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3390"}, {"name": "1034032", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034032"}, {"name": "openSUSE-SU-2015:1965", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"}, {"name": "FEDORA-2015-6f6b79efe2", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html"}, {"name": "GLSA-201604-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-03"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:58:59.983Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX202404"}, {"name": "77366", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77366"}, {"name": "FEDORA-2015-242be2c240", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html"}, {"name": "FEDORA-2015-a931b02be2", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-148.html"}, {"name": "openSUSE-SU-2015:2250", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt"}, {"name": "DSA-3390", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3390"}, {"name": "1034032", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034032"}, {"name": "openSUSE-SU-2015:1965", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"}, {"name": "FEDORA-2015-6f6b79efe2", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html"}, {"name": "GLSA-201604-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201604-03"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7835", "datePublished": "2015-10-30T15:00:00", "dateReserved": "2015-10-14T00:00:00", "dateUpdated": "2024-08-06T07:58:59.983Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F7D1B7E-C30F-430F-832D-2A405DA1F2D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7C1D0AD-B804-474C-96A3-988BADA0DAD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1DCD1F05-9F96-40DD-B506-750E87306325", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "25B6AE42-E1EB-47A8-8FAF-7A93A67EC67F", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "60BADA43-94D5-4E80-B5C8-D01A0249F13E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "550223A9-B9F1-440A-8C25-9F0F76AF7301", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC734D58-96E5-4DD2-8781-F8E0ADB96462", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "62CEC1BF-1922-410D-BCBA-C58199F574C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "923F2C2B-4A65-4823-B511-D0FEB7C7FAB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D532B60-C8DD-4A2F-9D05-E574D23EB754", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D83CA8B-8E49-45FA-8FAB-C15052474542", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "27537DF5-7E0F-463F-BA87-46E329EE07AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EA4F978-9145-4FE6-B4F9-15207E52C40A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "22A995FD-9B7F-4DF0-BECF-4B086E470F1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "219597E2-E2D7-4647-8A7C-688B96300158", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "65E55950-EACA-4209-B2A1-E09026FC6006", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C76124AB-4E3D-4BE0-AAEA-7FC05868E2FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "F784EF07-DBEC-492A-A0F4-F9F7B2551A0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.1:-:*:*:*:*:*:*", "matchCriteriaId": "A40F356B-4F5F-485D-A53A-8CE4629D6931", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0ED340C-6746-471E-9F2D-19D62D224B7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B6F7CE9-C409-4D88-9A99-B21420633F45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping."}, {"lang": "es", "value": "La funci\u00f3n mod_l2_entry en arch/x86/mm.c en Xen 3.4 hasta la versi\u00f3n 4.6.x no valida correctamente las entradas de la tabla de paginaci\u00f3n de nivel 2, lo que permite a administradores invitados PV locales obtener privilegios a trav\u00e9s de un mapeo de superpage manipulado."}], "id": "CVE-2015-7835", "lastModified": "2018-10-30T16:26:53.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-10-30T15:59:04.747", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"}, {"source": "cve@mitre.org", "url": "http://support.citrix.com/article/CTX202404"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3390"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/77366"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034032"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-148.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201604-03"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "xen: Uncontrolled creation of large page mappings by PV guests on x86", "id": "1271971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271971"}, "csaw": false, "cvss": {"cvss_base_score": "7.1", "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "status": "draft"}, "details": ["The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping."], "mitigation": {"lang": "en:us", "value": "Running only HVM guests will avoid this vulnerability. On systems where the guest kernel is controlled by the host rather than guest administrator, running only kernels which do not call these hypercalls will also prevent untrusted guest users from exploiting this issue. However untrusted guest administrators can still trigger it unless further steps are taken to prevent them from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege."}, "name": "CVE-2015-7835", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-10-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-7835\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7835\nhttp://xenbits.xen.org/xsa/advisory-148.html"], "threat_severity": "Important"}