CVE-2016-2271

medium

Description

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178518.html

http://support.citrix.com/article/CTX209443

http://www.debian.org/security/2016/dsa-3519

http://www.securitytracker.com/id/1035043

http://xenbits.xen.org/xsa/advisory-170.html

https://security.gentoo.org/glsa/201604-03

Details

Source: MITRE

Published: 2016-02-19

Updated: 2017-07-01

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 93177 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:1745-1) | Nessus | SuSE Local Security Checks | critical |
| 91649 | SUSE SLES10 Security Update : Xen (SUSE-SU-2016:1445-1) | Nessus | SuSE Local Security Checks | high |
| 91249 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:1318-1) | Nessus | SuSE Local Security Checks | critical |
| 91198 | Debian DLA-479-1 : xen security update | Nessus | Debian Local Security Checks | high |
| 90759 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:1154-1) | Nessus | SuSE Local Security Checks | critical |
| 90478 | openSUSE Security Update : xen (openSUSE-2016-439) | Nessus | SuSE Local Security Checks | critical |
| 90396 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2016:0955-1) | Nessus | SuSE Local Security Checks | critical |
| 90380 | GLSA-201604-03 : Xen: Multiple vulnerabilities (Venom) | Nessus | Gentoo Local Security Checks | critical |
| 90186 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:0873-1) | Nessus | SuSE Local Security Checks | critical |
| 90030 | Debian DSA-3519-1 : xen - security update | Nessus | Debian Local Security Checks | high |
| 89705 | Fedora 22 : xen-4.5.2-8.fc22 (2016-f8121efdac) | Nessus | Fedora Local Security Checks | medium |
| 89629 | Fedora 23 : xen-4.5.2-8.fc23 (2016-e48f4bd14f) | Nessus | Fedora Local Security Checks | medium |
| 89013 | FreeBSD : xen-kernel -- VMX: guest user mode may crash guest with non-canonical RIP (81f9d6a4-ddaf-11e5-b2bd-002590263bf5) | Nessus | FreeBSD Local Security Checks | medium |