CVE-2015-4163
EPSS 0.12%
Description
GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
How to fix CVE-2015-4163
To remediate CVE-2015-4163, upgrade the affected package to the fixed version listed below.
- Debian/xen: upgrade to 4.6.0-1 or later
Is CVE-2015-4163 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/xen: from 0, < 4.6.0-1