CVE-2016-1571

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
citrixxenserver
𝑥
≤ 6.5
xenxen
3.3.0
xenxen
3.3.1
xenxen
3.3.2
xenxen
3.4.0
xenxen
3.4.1
xenxen
3.4.2
xenxen
3.4.3
xenxen
3.4.4
xenxen
4.1.0
xenxen
4.1.1
xenxen
4.1.2
xenxen
4.1.3
xenxen
4.1.4
xenxen
4.1.5
xenxen
4.1.6
xenxen
4.1.6.1
xenxen
4.2.0
xenxen
4.2.1
xenxen
4.2.2
xenxen
4.2.3
xenxen
4.2.4
xenxen
4.2.5
xenxen
4.3.0
xenxen
4.3.1
xenxen
4.3.2
xenxen
4.3.3
xenxen
4.3.4
xenxen
4.4.0
xenxen
4.4.0:rc1
xenxen
4.4.1
xenxen
4.4.2
xenxen
4.4.3
xenxen
4.5.0
xenxen
4.5.1
xenxen
4.5.2
xenxen
4.6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
wily
Fixed 4.5.1-0ubuntu1.3
released
vivid
ignored
trusty
Fixed 4.4.2-0ubuntu0.14.04.5
released
precise
Fixed 4.1.6.1-0ubuntu0.12.04.10
released
Common Weakness Enumeration
References
http://support.citrix.com/article/CTX205496
http://www.debian.org/security/2016/dsa-3519
http://www.securitytracker.com/id/1034745
http://xenbits.xen.org/xsa/advisory-168.html
http://support.citrix.com/article/CTX205496
http://www.debian.org/security/2016/dsa-3519
http://www.securitytracker.com/id/1034745
http://xenbits.xen.org/xsa/advisory-168.html