CVE-2016-9378

MEDIUM

Xen 4.5.x-4.7.x - Denial of Service via Software Interrupt Delivery

Title source: llm
STIX 2.1

Description

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.

References (4)

Core 4
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201612-56
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94475
Patch, Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-196.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037345

Scores

CVSS v3 5.5
EPSS 0.0006
EPSS Percentile 18.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-284
Status published
Products (11)
xen/xen 4.5.0
xen/xen 4.5.1
xen/xen 4.5.2
xen/xen 4.5.3
xen/xen 4.5.5
xen/xen 4.6.0
xen/xen 4.6.1
xen/xen 4.6.3
xen/xen 4.6.4
xen/xen 4.7.0
... and 1 more
Published Feb 22, 2017
Tracked Since Feb 18, 2026