CVE-2016-5242

Name of the Vulnerable Software and Affected Versions Xen versions 4.4.x through 4.6.x

Description The issue allows local guest OS users with access to the driver domain to cause a denial of service, resulting in a NULL pointer dereference and host OS crash. This is achieved by creating concurrent domains and holding references to them, which is related to VMID exhaustion.

Recommendations For Xen versions 4.4.x through 4.6.x, consider restricting access to the p2m teardown function in the driver domain to prevent concurrent domain creation and mitigate the risk of a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.