FreeBSD : xen-kernel -- leak of main per-domain vcpu pointer array (fc1f8795-881d-11e5-ab94-002590263bf5)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Xen Project reports :

A domain's primary array of vcpu pointers can be allocated by a
toolstack exactly once in the lifetime of a domain via the
XEN_DOMCTL_max_vcpus hypercall. This array is leaked on domain
teardown. This memory leak could -- over time -- exhaust the host's
memory.

A domain given partial management control via XEN_DOMCTL_max_vcpus can
mount a denial of service attack affecting the whole system. The
ability to also restart or create suitable domains is also required to
fully exploit the issue. Without this the leak is limited to a small
multiple of the maximum number of vcpus for the domain. The maximum
leak is 64kbytes per domain (re)boot (less on ARM).

See also :

http://xenbits.xen.org/xsa/advisory-149.html
http://www.nessus.org/u?7b1e1745

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86842 ()

Bugtraq ID:

CVE ID: CVE-2015-7969

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now