Vulnerability Details : CVE-2015-7835
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
Vulnerability category: Input validation
Products affected by CVE-2015-7835
- cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.1:-:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7835
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7835
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2015-7835
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7835
-
http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
openSUSE-SU-2015:1965-1: moderate: Security update for xen
-
http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
openSUSE-SU-2015:2250-1: moderate: Security update for xen
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html
[SECURITY] Fedora 21 Update: xen-4.4.3-7.fc21
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html
[SECURITY] Fedora 23 Update: xen-4.5.1-14.fc23
-
http://xenbits.xen.org/xsa/advisory-148.html
XSA-148 - Xen Security AdvisoriesVendor Advisory
-
http://www.securitytracker.com/id/1034032
Xen Page Table Validation Bypass Lets Local Users on a Guest System Gain Elevated Privileges on the Host System - SecurityTracker
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html
[SECURITY] Fedora 22 Update: xen-4.5.1-14.fc22
-
http://support.citrix.com/article/CTX202404
Citrix XenServer Multiple Security Updates
-
https://security.gentoo.org/glsa/201604-03
Xen: Multiple vulnerabilities (GLSA 201604-03) — Gentoo security
-
http://www.securityfocus.com/bid/77366
Xen CVE-2015-7835 Privilege Escalation Vulnerability
-
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt
qubes-secpack/qsb-022-2015.txt at master · QubesOS/qubes-secpack · GitHubVendor Advisory
-
http://www.debian.org/security/2015/dsa-3390
Debian -- Security Information -- DSA-3390-1 xen
Jump to