CVE-2015-8338

Publication date 17 December 2015

Last updated 24 July 2024


Ubuntu priority

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.

Status

Package  Ubuntu Release     Status
xen      15.10 wily         Fixed 4.5.1-0ubuntu1.2
         15.04 vivid        Fixed 4.5.0-1ubuntu4.4
         14.04 LTS trusty   Fixed 4.4.2-0ubuntu0.14.04.4
         12.04 LTS precise  Not affected

Patch details

For informational purposes only. We recommend against cherry-picking updates.

Package Patch details
xen