Vulnerabilities > CVE-2015-8615 - 7PK - Security Features vulnerability in XEN 4.6.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

xen

CWE-254

nessus

NVD

Published: 2016-01-08

Updated: 2016-11-28

Summary

The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ).

Vulnerable Configurations

Part	Description	Count
OS	Xen XEN XEN 4.6.0	1

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-479.NASL
description	This security update fixes a number of security issues in Xen in wheezy. For Debian 7
last seen	2020-03-17
modified	2016-05-18
plugin id	91198
published	2016-05-18
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91198
title	Debian DLA-479-1 : xen security update

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References