CVE-2016-7094

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.1 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
xenxen
𝑥
≤ 4.7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
xenial
Fixed 4.6.0-1ubuntu4.2
released
trusty
Fixed 4.4.2-0ubuntu0.14.04.7
released
precise
Fixed 4.1.6.1-0ubuntu0.12.04.12
released
Common Weakness Enumeration
References
http://support.citrix.com/article/CTX216071
http://www.debian.org/security/2016/dsa-3663
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/92864
http://www.securitytracker.com/id/1036753
http://xenbits.xen.org/xsa/advisory-187.html
http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch
https://security.gentoo.org/glsa/201611-09
http://support.citrix.com/article/CTX216071
http://www.debian.org/security/2016/dsa-3663
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/92864
http://www.securitytracker.com/id/1036753
http://xenbits.xen.org/xsa/advisory-187.html
http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch
https://security.gentoo.org/glsa/201611-09