GNTTABOP_swap_grant_ref in Xen 4.2 up to and including 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xen xen 4.3.0 |
||
xen xen 4.3.1 |
||
xen xen 4.2.0 |
||
xen xen 4.2.1 |
||
xen xen 4.4.0 |
||
xen xen 4.4.1 |
||
xen xen 4.3.4 |
||
xen xen 4.2.2 |
||
xen xen 4.2.3 |
||
xen xen 4.5.0 |