The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xen xen 4.2.0 |
||
xen xen 4.2.1 |
||
xen xen 4.2.2 |
||
xen xen 4.4.0 |
||
xen xen 4.3.0 |
||
xen xen 4.2.3 |
||
xen xen 4.3.1 |