Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xen xen 4.4.0 |
||
xen xen 4.4.1 |
||
xen xen 4.5.0 |
||
xen xen 4.5.1 |
||
xen xen 4.6.0 |
Big Red helpfully (?) only reveals the reasons for patches to those with support deals
Oracle has just pushed out its quarterly batch of critical patches, so sysadmins had best get busy. The bug-splat haul covers a record-setting 248 individual fixes, with the full list here. The Oracle E-Business Suite gets the biggest serve, with a whopping 78 bugs patched, 68 of which are remotely exploitable without authentication. As always, there's Java fixes in the mix: eight patches, of which seven are fixing remotely-exploitable no-authentication-needed vulnerabilities. Four are client-on...