CVE-2016-7094
MEDIUMXen < 4.7.0 - Denial of Service via Pagetable Update
Title source: llmDescription
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
References (8)
Core 8
Core References
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3663
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92864
Patch, Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-187.html
Third Party Advisory x_refsource_confirm
http://support.citrix.com/article/CTX216071
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036753
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201611-09
Patch, Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch
Scores
CVSS v3
4.1
EPSS
0.0007
EPSS Percentile
21.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (1)
xen/xen
< 4.7.0
Published
Sep 21, 2016
Tracked Since
Feb 18, 2026