GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Xen | Xen | 4.2.2 | 4.2.2 |
Xen | Xen | 4.2.3 | 4.2.3 |
Xen | Xen | 4.3.0 | 4.3.0 |
Xen | Xen | 4.4.0 | 4.4.0 |
Xen | Xen | 4.2.0 | 4.2.0 |
Xen | Xen | 4.4.1 | 4.4.1 |
Xen | Xen | 4.3.4 | 4.3.4 |
Xen | Xen | 4.3.1 | 4.3.1 |
Xen | Xen | 4.2.1 | 4.2.1 |
Xen | Xen | 4.5.0 | 4.5.0 |
Xen | Xen | 4.4.0 | 4.4.0 |