#VU40726 Permissions, Privileges, and Access Controls in Xen - CVE-2015-4103

Cybersecurity Help s.r.o.

Published: 2015-06-03 | Updated: 2020-08-09

Vulnerability identifier: #VU40726

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-4103

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Xen: 3.3.0 - 4.5.0

External links
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
https://support.citrix.com/article/CTX201145
https://www.debian.org/security/2015/dsa-3284
https://www.debian.org/security/2015/dsa-3286
https://www.securityfocus.com/bid/74947
https://www.securitytracker.com/id/1032456
https://www.ubuntu.com/usn/USN-2630-1
https://xenbits.xen.org/xsa/advisory-128.html
https://security.gentoo.org/glsa/201604-03
https://support.citrix.com/article/CTX206006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE Linux update for Xen

SUSE Linux update for xen

Multiple vulnerabilities in Xen