CVE-2015-8338

Published: 17 December 2015

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.

Priority

Medium

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.6.0-1ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [4.4.2-0ubuntu0.14.04.4])
Patches:
Upstream: http://xenbits.xen.org/xsa/xsa158.patch
Upstream: http://xenbits.xen.org/xsa/xsa158-4.4.patch
Binaries built from this source package are in Universe and so are supported by the community.