CVE-2016-9377

MEDIUM

Xen 4.5.x-4.7.x - DoS

Title source: llm

Description

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.

References (4)

[Third Party Advisory] https://security.gentoo.org/glsa/201612-56

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94475

[Patch, Vendor Advisory] http://xenbits.xen.org/xsa/advisory-196.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037345

Scores

CVSS v3 5.5

EPSS 0.0007

EPSS Percentile 21.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-682

Status published

Products (11)

xen/xen 4.5.0

xen/xen 4.5.1

xen/xen 4.5.2

xen/xen 4.5.3

xen/xen 4.5.5

xen/xen 4.6.0

xen/xen 4.6.1

xen/xen 4.6.3

xen/xen 4.6.4

xen/xen 4.7.0

... and 1 more

Published Feb 22, 2017

Tracked Since Feb 18, 2026