PT-2016-1710 · Xen+2 · Xen+2

Vitaly Kuznetsov

Published

2016-04-15

Updated

2016-11-28

CVE-2016-3961

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xen and the Linux kernel versions prior to 4.6

Description The issue arises from insufficient input validation in the Xen hypervisor, allowing a local attacker to cause a denial of service by attempting to access a hugetlbfs mapped area, resulting in a guest OS crash.

Recommendations For Xen and Linux kernel versions prior to 4.6, update to a version that properly suppresses hugetlbfs support in x86 PV guests to prevent the denial of service.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2016-01036

CVE-2016-3961

DLA-516-1

DSA-3607-1

MGASA-2016-0225

MGASA-2016-0232

MGASA-2016-0233

USN-3001-1

USN-3002-1

USN-3003-1

USN-3004-1

USN-3005-1

USN-3006-1

USN-3007-1

USN-3049-1

USN-3050-1

USN-3127-1

USN-3127-2

Affected Products

Linux Kernel

Ubuntu

Xen

PT-2016-1710 · Xen+2 · Xen+2

CVE-2016-3961

Weakness Enumeration

Related Identifiers

Affected Products

References · 107