CVE-2016-2270

MEDIUM

Description

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178518.html

http://www.debian.org/security/2016/dsa-3519

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securitytracker.com/id/1035042

http://xenbits.xen.org/xsa/advisory-154.html

https://security.gentoo.org/glsa/201604-03

Details

Source: MITRE

Published: 2016-02-19

Updated: 2017-07-01

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.1

Severity: MEDIUM

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 2.3

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 93177 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:1745-1) | Nessus | SuSE Local Security Checks | critical |
| 92601 | OracleVM 3.3 : xen (OVMSA-2016-0089) | Nessus | OracleVM Local Security Checks | high |
| 92600 | OracleVM 3.4 : xen (OVMSA-2016-0088) (Bunker Buster) | Nessus | OracleVM Local Security Checks | high |
| 91756 | OracleVM 3.2 : xen (OVMSA-2016-0081) | Nessus | OracleVM Local Security Checks | high |
| 91649 | SUSE SLES10 Security Update : Xen (SUSE-SU-2016:1445-1) | Nessus | SuSE Local Security Checks | high |
| 91249 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:1318-1) | Nessus | SuSE Local Security Checks | critical |
| 91198 | Debian DLA-479-1 : xen security update | Nessus | Debian Local Security Checks | high |
| 90759 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:1154-1) | Nessus | SuSE Local Security Checks | critical |
| 90478 | openSUSE Security Update : xen (openSUSE-2016-439) | Nessus | SuSE Local Security Checks | critical |
| 90396 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2016:0955-1) | Nessus | SuSE Local Security Checks | critical |
| 90380 | GLSA-201604-03 : Xen: Multiple vulnerabilities (Venom) | Nessus | Gentoo Local Security Checks | critical |
| 90186 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:0873-1) | Nessus | SuSE Local Security Checks | critical |
| 90030 | Debian DSA-3519-1 : xen - security update | Nessus | Debian Local Security Checks | high |
| 89705 | Fedora 22 : xen-4.5.2-8.fc22 (2016-f8121efdac) | Nessus | Fedora Local Security Checks | medium |
| 89629 | Fedora 23 : xen-4.5.2-8.fc23 (2016-e48f4bd14f) | Nessus | Fedora Local Security Checks | medium |