CVE-2015-7970 : The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.

The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand.

Published 2015-10-30 15:59:07

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-7970

XEN » XEN » Version: 3.4.1
cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.4.3
cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.4.4
cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.4.0
cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 3.4.2
cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-7970

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 29 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-7970

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2015-7970

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-7970

http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html

openSUSE-SU-2015:2250-1: moderate: Security update for xen

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html

[SECURITY] Fedora 21 Update: xen-4.4.3-7.fc21

CVEs referencing this url
http://xenbits.xen.org/xsa/advisory-150.html

XSA-150 - Xen Security Advisories
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html

[SECURITY] Fedora 23 Update: xen-4.5.1-14.fc23

CVEs referencing this url
http://www.debian.org/security/2015/dsa-3414

Debian -- Security Information -- DSA-3414-1 xen

CVEs referencing this url
http://www.securityfocus.com/bid/77362

Xen CVE-2015-7970 Local Denial of Service Vulnerability
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html

[SECURITY] Fedora 22 Update: xen-4.5.1-14.fc22

CVEs referencing this url
http://support.citrix.com/article/CTX202404

Citrix XenServer Multiple Security Updates

CVEs referencing this url
https://security.gentoo.org/glsa/201604-03

Xen: Multiple vulnerabilities (GLSA 201604-03) — Gentoo security

CVEs referencing this url
http://www.securitytracker.com/id/1034034

Xen Populate-on-Demand Mode Memory Error Lets Local Users on a Guest System Cause Denial of Service Conditions on the Host System - SecurityTracker

Jump to

Vulnerability Details : CVE-2015-7970

Products affected by CVE-2015-7970

Exploit prediction scoring system (EPSS) score for CVE-2015-7970

CVSS scores for CVE-2015-7970

CWE ids for CVE-2015-7970

References for CVE-2015-7970