Total vulnerabilities in the database
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.
| Software | From | Fixed in |
|---|---|---|
| xen / xen | 4.1.2 | 4.1.2.x |
| citrix / xenserver | 5.5 | 5.5.x |
| citrix / xenserver | - | 6.0.2.x |
| citrix / xenserver | 6.0 | 6.0.x |
| xen / xen | 4.1.1 | 4.1.1.x |
| xen / xen | 4.1.0 | 4.1.0.x |
| citrix / xenserver | 5.6 | 5.6.x |
| xen / xen | 4.1.3 | 4.1.3.x |
| citrix / xenserver | 5.0 | 5.0.x |
| citrix / xenserver | 5.6-sp2 | 5.6-sp2.x |
| citrix / xenserver | 5.6-fp1 | 5.6-fp1.x |