CVE-2016-9377

MEDIUM

Xen 4.5.x-4.7.x - DoS

Title source: llm

Description

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.

References (4)

[Patch, Vendor Advisory] http://xenbits.xen.org/xsa/advisory-196.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94475

[Third Party Advisory] https://security.gentoo.org/glsa/201612-56

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037345

Scores

CVSS v3 5.5

EPSS 0.0007

EPSS Percentile 21.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-682

Status draft

Affected Products (11)

xen/xen

Timeline

Published Feb 22, 2017

Tracked Since Feb 18, 2026