CVE-2011-1166 — Improper Input Validation in XEN

CWE-20 — Improper Input Validation8 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 71.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedJan 7

Latest updateMay 17

Description

Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 5.1 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.0-1 (bookworm)

▶Debianxen/xen< 4.1.0-1+3

▶NVDxen/xen4.0.1+18

Patches

Patch: wiki.xen.org ↗Patch: wiki.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-cr7m-pjw9-g2r9: Xen, possibly before 4↗2022-05-17

▶

OSV

CVE-2011-1166: Xen, possibly before 4↗2014-01-07

▶

📋Vendor Advisories

Red Hat

kernel: xen: x86_64: fix error checking in arch_set_info_guest()↗2011-03-14

▶

Debian

CVE-2011-1166: xen - Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of s...↗2011

▶

💬Community

Bugzilla

CVE-2011-2378 Mozilla: Dangling pointer vulnerability in appendChild↗2011-08-14

▶

Bugzilla

CVE-2011-0084 Mozilla: Crash in SVGTextElement.getCharNumAtPosition()↗2011-08-14

▶

Bugzilla

CVE-2011-1166 kernel: xen: x86_64: fix error checking in arch_set_info_guest()↗2011-03-17

▶