CVE-2015-7971

Publication date 30 October 2015

Last updated 24 July 2024

Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xen	15.10 wily	Fixed 4.5.1-0ubuntu1.1
	15.04 vivid	Fixed 4.5.0-1ubuntu4.3
	14.04 LTS trusty	Fixed 4.4.2-0ubuntu0.14.04.3
	12.04 LTS precise	Fixed 4.1.6.1-0ubuntu0.12.04.7

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

http://xenbits.xen.org/xsa/advisory-152.html
https://www.cve.org/CVERecord?id=CVE-2015-7971