CVE-2016-9385

MEDIUM

Xen 4.4.x-4.7.x - DoS

Title source: llm

Description

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.

Scores

CVSS v3 6.0
EPSS 0.0010
EPSS Percentile 28.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Classification

CWE
CWE-20
Status published

Affected Products (21)

xen/xen

Timeline

Published Jan 23, 2017
Tracked Since Feb 18, 2026