PT-2016-7239 · Xen+1

Mikhail V Gorobets · Published 2016-09-09 · Updated 2017-04-10 · CVE-2016-7154

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Xen versions 4.4.x

Description

The issue is related to a use-after-free vulnerability in the FIFO event channel code. This vulnerability allows local guest OS administrators to cause a denial of service, potentially leading to a host crash. It may also be possible for attackers to execute arbitrary code or obtain sensitive information by utilizing an invalid guest frame number.

Recommendations

For Xen versions 4.4.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2016-7154
DSA-3663-1
OPENSUSE-SU-2016_2497-1
SUSE-SU-2016:2507-1
SUSE-SU-2016:2533-1

Affected Products

Suse
Xen