CVE-2015-2751

high

Description

Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154574.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154579.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155198.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html

http://www.securityfocus.com/bid/73443

http://www.securitytracker.com/id/1031997

http://xenbits.xen.org/xsa/advisory-127.html

https://security.gentoo.org/glsa/201504-04

Details

Source: MITRE

Published: 2015-04-01

Updated: 2018-10-30

Type: CWE-17

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

14 total

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 140019 | OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
| 111992 | OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
| 85792 | SUSE SLED11 Security Update : xen (SUSE-SU-2015:1479-2) | Nessus | SuSE Local Security Checks | high |
| 85791 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1479-1) | Nessus | SuSE Local Security Checks | high |
| 84694 | FreeBSD : xen-kernel -- Certain domctl operations may be abused to lock up the host (103a47d5-27e7-11e5-a4a5-002590263bf5) | Nessus | FreeBSD Local Security Checks | high |
| 84334 | openSUSE Security Update : xen (openSUSE-2015-435) | Nessus | SuSE Local Security Checks | high |
| 84333 | openSUSE Security Update : xen (openSUSE-2015-434) (Venom) | Nessus | SuSE Local Security Checks | high |
| 83757 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:0923-1) (Venom) | Nessus | SuSE Local Security Checks | high |
| 83714 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:0701-1) | Nessus | SuSE Local Security Checks | high |
| 83482 | OracleVM 3.3 : xen (OVMSA-2015-0057) (Venom) | Nessus | OracleVM Local Security Checks | high |
| 82952 | Fedora 22 : xen-4.5.0-7.fc22 (2015-5295) | Nessus | Fedora Local Security Checks | high |
| 82734 | GLSA-201504-04 : Xen: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 82730 | Fedora 20 : xen-4.3.4-2.fc20 (2015-5402) | Nessus | Fedora Local Security Checks | high |
| 82729 | Fedora 21 : xen-4.4.2-2.fc21 (2015-5208) | Nessus | Fedora Local Security Checks | high |