[Pkg-xen-devel] Bug#800128: xen: CVE-2015-6654: printk is not rate-limited in xenmem_add_to_physmap_one
Salvatore Bonaccorso
carnil at debian.org
Sun Sep 27 07:24:40 UTC 2015
Source: xen
Version: 4.4.1-9
Severity: normal
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for xen.
CVE-2015-6654[0]:
| The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x,
| 4.4.x, and earlier does not limit the number of printk console
| messages when reporting a failure to retrieve a reference on a foreign
| page, which allows remote domains to cause a denial of service by
| leveraging permissions to map the memory of a foreign guest.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-6654
[1] http://xenbits.xen.org/xsa/advisory-141.html
Regards,
Salvatore
More information about the Pkg-xen-devel
mailing list