CVE-2016-5242

EUVD-2016-6193
The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.6 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
xenxen
4.4.0
xenxen
4.4.0:rc1
xenxen
4.4.1
xenxen
4.4.2
xenxen
4.4.3
xenxen
4.4.4
xenxen
4.5.0
xenxen
4.5.1
xenxen
4.5.2
xenxen
4.5.3
xenxen
4.6.0
xenxen
4.6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
precise
not-affected
trusty
Fixed 4.4.2-0ubuntu0.14.04.6
released
wily
Fixed 4.5.1-0ubuntu1.4
released
xenial
Fixed 4.6.0-1ubuntu4.1
released
References
http://www.debian.org/security/2016/dsa-3633
http://www.securityfocus.com/bid/91015
http://www.securitytracker.com/id/1036035
http://xenbits.xen.org/xsa/advisory-181.html
http://www.debian.org/security/2016/dsa-3633
http://www.securityfocus.com/bid/91015
http://www.securitytracker.com/id/1036035
http://xenbits.xen.org/xsa/advisory-181.html