The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand.
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
http://support.citrix.com/article/CTX202404
http://www.debian.org/security/2015/dsa-3414
http://www.securityfocus.com/bid/77362
http://www.securitytracker.com/id/1034034
OR
cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
140019 | OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
111992 | OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
91198 | Debian DLA-479-1 : xen security update | Nessus | Debian Local Security Checks | medium |
90380 | GLSA-201604-03 : Xen: Multiple vulnerabilities (Venom) | Nessus | Gentoo Local Security Checks | high |
89359 | Fedora 23 : xen-4.5.1-14.fc23 (2015-a931b02be2) | Nessus | Fedora Local Security Checks | high |
89278 | Fedora 22 : xen-4.5.1-14.fc22 (2015-6f6b79efe2) | Nessus | Fedora Local Security Checks | high |
89177 | Fedora 21 : xen-4.4.3-7.fc21 (2015-242be2c240) | Nessus | Fedora Local Security Checks | high |
88124 | openSUSE Security Update : xen (openSUSE-2016-34) | Nessus | SuSE Local Security Checks | high |
87650 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2338-1) | Nessus | SuSE Local Security Checks | high |
87591 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2328-1) | Nessus | SuSE Local Security Checks | high |
87590 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2326-1) | Nessus | SuSE Local Security Checks | high |
87528 | SUSE SLES11 Security Update : xen (SUSE-SU-2015:2306-1) | Nessus | SuSE Local Security Checks | medium |
87443 | openSUSE Security Update : xen (openSUSE-2015-893) | Nessus | SuSE Local Security Checks | high |
87393 | openSUSE Security Update : xen (openSUSE-2015-892) | Nessus | SuSE Local Security Checks | high |
87288 | Debian DSA-3414-1 : xen - security update | Nessus | Debian Local Security Checks | medium |
86838 | FreeBSD : xen-kernel -- Long latency populate-on-demand operation is not preemptible (83350009-881e-11e5-ab94-002590263bf5) | Nessus | FreeBSD Local Security Checks | medium |