Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.1
CVSSv3

CVE-2016-7094

Published: 21/09/2016 Updated: 01/07/2017
CVSS v2 Base Score: 1.5 | Impact Score: 2.9 | Exploitability Score: 2.7
CVSS v3 Base Score: 4.1 | Impact Score: 3.6 | Exploitability Score: 0.5
VMScore: 134
Vector: AV:L/AC:M/Au:S/C:N/I:N/A:P
Subscribe to Xen

Vulnerability Summary

Buffer overflow in Xen 4.7.x and previous versions allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.

Vulnerable Product Search on Vulmon Subscribe to Product

xen xen

Vendor Advisories

Debian Security Advisories: DSA-3663-1 xen -- security update
Multiple vulnerabilities have been discovered in the Xen hypervisor The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-7092 (XSA-185) Jeremie Boutoille of Quarkslab and Shangcong Luan of Alibaba discovered a flaw in the handling of L3 pagetable entries, allowing a malicious 32-bit PV guest adm ...
Citrix Security Bulletins: Citrix XenServer Multiple Security Updates
Description of Problem A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious privileged code running within a guest VM to compromise the host These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 70 The following vulnerabilities have ...

Recent Articles

Hypervisor security ero-Xen: How guest VMs can hijack host servers
The Register • Chris Williams, Editor in Chief • 08 Sep 2016

Triple whammy of bugs in popular open-source platform

Analysis The Xen project has today patched four security bugs in its open-source hypervisor – three potentially allowing guest virtual machines to take over their host servers. The other programming cockup allows a guest to crash the underlying machine. This is not great news for cloud providers or anyone else running untrusted VMs on their hardware and relying on Xen, because the three holes can be exploited by malicious guests to escape their confines and attack other virtual machines or the...

Read more...

References

CWE-119http://support.citrix.com/article/CTX216071http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patchhttp://www.securitytracker.com/id/1036753http://xenbits.xen.org/xsa/advisory-187.htmlhttp://www.securityfocus.com/bid/92864http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.debian.org/security/2016/dsa-3663https://security.gentoo.org/glsa/201611-09https://nvd.nist.govhttps://www.debian.org/security/./dsa-3663
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook