PT-2016-7239 · Xen+1 · Xen+1

Mikhail V Gorobets · Published 2016-09-09 · Updated 2017-04-10 · CVE-2016-7154

CVSS v2.0: 7.2 High

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Xen versions 4.4.x

Description

The issue is related to a use-after-free vulnerability in the FIFO event channel code. This vulnerability allows local guest OS administrators to cause a denial of service, potentially leading to a host crash. It may also be possible for attackers to execute arbitrary code or obtain sensitive information by utilizing an invalid guest frame number.

Recommendations

For Xen versions 4.4.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free


Weakness Enumeration

Related Identifiers

CVE-2016-7154
DSA-3663-1
OPENSUSE-SU-2016_2497-1
SUSE-SU-2016:2507-1
SUSE-SU-2016:2533-1

Affected Products

Suse
Xen