[Pkg-xen-devel] Bug#800128: xen: CVE-2015-6654: printk is not rate-limited in xenmem_add_to_physmap_one

Salvatore Bonaccorso carnil at debian.org
Sun Sep 27 07:24:40 UTC 2015


Source: xen
Version: 4.4.1-9
Severity: normal
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for xen.

CVE-2015-6654[0]:
| The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x,
| 4.4.x, and earlier does not limit the number of printk console
| messages when reporting a failure to retrieve a reference on a foreign
| page, which allows remote domains to cause a denial of service by
| leveraging permissions to map the memory of a foreign guest.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-6654
[1] http://xenbits.xen.org/xsa/advisory-141.html

Regards,
Salvatore
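The hazard in the CVE text above is a log statement on a path a guest can trigger at will: every failed foreign-page mapping produces a console line, so a guest can flood the hypervisor console. The following C program is an added illustration, not code from this bug report or from Xen's XSA-141 fix (the real patch is linked above and is not reproduced here). It contrasts an unbounded per-failure log with a token-bucket limiter that allows a fixed burst per interval and reports how many lines were dropped. All names (`log_ratelimit`, `report_failures_*`, `count_limited`) and the simulated failure loop are hypothetical, and the "clock" is a constructed counter rather than real time.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical token-bucket limiter for a guest-triggerable log line.
 * 'now' and 'interval' are in arbitrary units supplied by the caller
 * (constructed for this example; a real hypervisor would read a clock). */
struct log_ratelimit {
    uint64_t interval;     /* window length */
    unsigned burst;        /* max messages emitted per window */
    uint64_t window_start; /* start of the current window */
    unsigned emitted;      /* messages emitted in the current window */
    unsigned suppressed;   /* messages dropped in the current window */
};

/* Returns true if the caller may log now, false if the line is dropped.
 * When a new window opens, one summary line reports what was suppressed,
 * so the console still shows that the event kept happening. */
static bool log_ratelimit_allow(struct log_ratelimit *rl, uint64_t now)
{
    if (now - rl->window_start >= rl->interval) {
        if (rl->suppressed)
            printf("... %u similar messages suppressed\n", rl->suppressed);
        rl->window_start = now;
        rl->emitted = 0;
        rl->suppressed = 0;
    }
    if (rl->emitted < rl->burst) {
        rl->emitted++;
        return true;
    }
    rl->suppressed++;
    return false;
}

/* Vulnerable shape: one console line per guest-triggered failure.
 * Returns the number of lines written. */
static unsigned report_failures_unlimited(unsigned attempts)
{
    unsigned printed = 0;
    for (unsigned i = 0; i < attempts; i++) {
        printf("unlimited: failed to get reference on foreign page (attempt %u)\n", i);
        printed++;
    }
    return printed;
}

/* Hardened shape: the same failure path gated by the limiter.
 * Attempt i happens at time start + i * step. Returns lines written. */
static unsigned report_failures_limited(struct log_ratelimit *rl, unsigned attempts,
                                        uint64_t start, uint64_t step)
{
    unsigned printed = 0;
    for (unsigned i = 0; i < attempts; i++) {
        uint64_t now = start + (uint64_t)i * step;
        if (log_ratelimit_allow(rl, now)) {
            printf("limited: failed to get reference on foreign page (attempt %u)\n", i);
            printed++;
        }
    }
    return printed;
}

/* Convenience wrapper: fresh limiter with the given policy, then run the burst. */
static unsigned count_limited(unsigned burst, uint64_t interval, unsigned attempts,
                              uint64_t start, uint64_t step)
{
    struct log_ratelimit rl = { .interval = interval, .burst = burst,
                                .window_start = start, .emitted = 0, .suppressed = 0 };
    return report_failures_limited(&rl, attempts, start, step);
}

int main(void)
{
    /* 100 failures within one window: the unlimited path writes 100 lines,
     * the limited path writes at most the burst (5). */
    unsigned u = report_failures_unlimited(100);
    unsigned l = count_limited(5, 1000, 100, 0, 10);
    printf("unlimited=%u limited=%u\n", u, l);
    return 0;
}
```

The limiter is deliberately per-source state (one `struct log_ratelimit` per log site), which is the usual shape for this kind of fix: the guest can still cause the failure as often as it likes, but the console cost is bounded to `burst` lines per `interval` plus one summary line.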


