fkie_cve-2015-4163
Vulnerability from fkie_nvd
Published
2015-06-15 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
cve@mitre.orghttp://support.citrix.com/article/CTX201145
cve@mitre.orghttp://www.debian.org/security/2015/dsa-3286
cve@mitre.orghttp://www.securityfocus.com/bid/75141
cve@mitre.orghttp://www.securitytracker.com/id/1032568
cve@mitre.orghttp://xenbits.xen.org/xsa/advisory-134.htmlVendor Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201604-03
cve@mitre.orghttps://support.citrix.com/article/CTX206006
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
af854a3a-2127-422b-91ae-364da2661108http://support.citrix.com/article/CTX201145
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3286
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/75141
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032568
af854a3a-2127-422b-91ae-364da2661108http://xenbits.xen.org/xsa/advisory-134.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201604-03
af854a3a-2127-422b-91ae-364da2661108https://support.citrix.com/article/CTX206006
Impacted products
Vendor Product Version
xen xen 4.2.0
xen xen 4.2.1
xen xen 4.2.2
xen xen 4.2.3
xen xen 4.3.0
xen xen 4.3.1
xen xen 4.3.4
xen xen 4.4.0
xen xen 4.4.0
xen xen 4.4.1
xen xen 4.5.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F784EF07-DBEC-492A-A0F4-F9F7B2551A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CF23B21B-594A-42E2-AF90-D5C4246B39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "A40F356B-4F5F-485D-A53A-8CE4629D6931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version."
    },
    {
      "lang": "es",
      "value": "GNTTABOP_swap_grant_ref en Xen 4.2 hasta 4.5 no comprueba la versi\u00f3n de la operaci\u00f3n de ceder tablas, lo que permite a dominios locales invitados causar una denegaci\u00f3n de servicio (referencia a puntero nulo) a trav\u00e9s de una hiperllamada sin GNTTABOP_setup_table o GNTTABOP_set_version."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
  "id": "CVE-2015-4163",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-15T15:59:12.413",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.citrix.com/article/CTX201145"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3286"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/75141"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032568"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-134.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201604-03"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.citrix.com/article/CTX206006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.citrix.com/article/CTX201145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/75141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-134.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201604-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.citrix.com/article/CTX206006"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.