FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-kernel -- some pmu and profiling hypercalls log without rate limiting

Affected packages
3.2 <= xen-kernel < 4.5.1_1

Details

VuXML ID e4848ca4-8820-11e5-ab94-002590263bf5
Discovery 2015-10-29
Entry 2015-11-11

The Xen Project reports:

HYPERCALL_xenoprof_op and HYPERVISOR_xenpmu_op log some errors and attempts at invalid operations. These log messages are not rate-limited, even though they can be triggered by guests.

A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack.

References

CVE Name CVE-2015-7971
URL http://xenbits.xen.org/xsa/advisory-152.html