CVE-2015-8338 - OpenCVE

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xen	Xen

Configuration 1 [-]

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.debian.org/security/2016/dsa-3633
http://www.securityfocus.com/bid/78920
http://www.securitytracker.com/id/1034390
http://xenbits.xen.org/xsa/advisory-158.html
https://nvd.nist.gov/vuln/detail/CVE-2015-8338
https://www.cve.org/CVERecord?id=CVE-2015-8338

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-12-17T19:00:00

Updated: 2024-08-06T08:13:32.416Z

Reserved: 2015-11-25T00:00:00

Link: CVE-2015-8338

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-12-17T19:59:06.557

Modified: 2016-12-07T18:26:58.550

Link: CVE-2015-8338

Redhat

Severity : Important

Publid Date: 2015-12-08T00:00:00Z

Links: CVE-2015-8338 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "78920", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/78920"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-158.html"}, {"name": "1034390", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034390"}, {"name": "DSA-3633", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3633"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8338", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "78920", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78920"}, {"name": "http://xenbits.xen.org/xsa/advisory-158.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-158.html"}, {"name": "1034390", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034390"}, {"name": "DSA-3633", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3633"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:13:32.416Z"}, "title": "CVE Program Container", "references": [{"name": "78920", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/78920"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-158.html"}, {"name": "1034390", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034390"}, {"name": "DSA-3633", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3633"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8338", "datePublished": "2015-12-17T19:00:00", "dateReserved": "2015-11-25T00:00:00", "dateUpdated": "2024-08-06T08:13:32.416Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6B6F029-A6B9-46BD-BDC5-8CA1B2B2DB5B", "versionEndIncluding": "4.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors."}, {"lang": "es", "value": "Xen 4.6.x y versiones anteriores no impone adecuadamente l\u00edmites en \u00f3rdenes de entrada de p\u00e1gina para las suboperaciones (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange y posiblemente otra HYPERVISOR_memory_op, lo que permite a administradores ARM invitados del SO causar una denegaci\u00f3n de servicio (consumo de CPU, reinicio de invitado o tiempo de watchdog excedido o reinicio host) y posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2015-8338", "lastModified": "2016-12-07T18:26:58.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-12-17T19:59:06.557", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3633"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/78920"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034390"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-158.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Julien Grall (Citrix) as the original reporter.", "bugzilla": {"description": "xen: Long running memory operations on ARM cause DoS", "id": "1284911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284911"}, "csaw": false, "cvss": {"cvss_base_score": "6.3", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "status": "draft"}, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-667", "details": ["Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.", "A flaw was discovered in xen host that prevented the use of a physical CPU for a significant period of time. This can cause a softlockup or watchdog timeout in both the host and other guests."], "name": "CVE-2015-8338", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2015-12-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8338\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8338\nhttp://xenbits.xen.org/xsa/advisory-158.html"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, Red Hat Enterprise MRG 2, and realtime kernels.\nAt the time of writing, XEN on Red Hat Enterprise Linux 5 did not support ARM guests. XEN was not available on versions Red Hat Enterprise Linux 6 and 7, Red Hat Enterprise MRG 2, and realtime kernels.", "threat_severity": "Important"}