Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEMincreasereservation, (2) XENMEMpopulatephysmap, (3) XENMEMexchange, and possibly other HYPERVISORmemory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "xenstore-utils-dbgsym": "4.4.2-0ubuntu0.14.04.4", "libxenstore3.0": "4.4.2-0ubuntu0.14.04.4", "libxen-4.4": "4.4.2-0ubuntu0.14.04.4", "libxenstore3.0-dbgsym": "4.4.2-0ubuntu0.14.04.4", "libxen-ocaml-dev": "4.4.2-0ubuntu0.14.04.4", "libxen-dev": "4.4.2-0ubuntu0.14.04.4", "xen-utils-4.4-dbgsym": "4.4.2-0ubuntu0.14.04.4", "xen-hypervisor-4.3-amd64": "4.4.2-0ubuntu0.14.04.4", "xen-hypervisor-4.3-armhf": "4.4.2-0ubuntu0.14.04.4", "xen-system-amd64": "4.4.2-0ubuntu0.14.04.4", "xen-hypervisor-4.4-arm64": "4.4.2-0ubuntu0.14.04.4", "libxen-ocaml": "4.4.2-0ubuntu0.14.04.4", "xenstore-utils": "4.4.2-0ubuntu0.14.04.4", "xen-system-armhf": "4.4.2-0ubuntu0.14.04.4", "xen-hypervisor-4.1-amd64": "4.4.2-0ubuntu0.14.04.4", "xen-hypervisor-4.4-armhf": "4.4.2-0ubuntu0.14.04.4", "xen-hypervisor-4.4-amd64": "4.4.2-0ubuntu0.14.04.4", "xen-utils-common": "4.4.2-0ubuntu0.14.04.4", "libxen-ocaml-dbgsym": "4.4.2-0ubuntu0.14.04.4", "xen-utils-4.4": "4.4.2-0ubuntu0.14.04.4", "libxen-4.4-dbgsym": "4.4.2-0ubuntu0.14.04.4", "xen-system-arm64": "4.4.2-0ubuntu0.14.04.4" } ] }