CVE-2016-10024 — Improper Input Validation in XEN

CWE-20 — Improper Input Validation8 documents7 sources

Severity

6.0MEDIUMNVD

EPSS

0.1%

top 65.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Citrix Xenserver

Timeline

PublishedJan 26

Latest updateMay 17

Description

Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages3 packages

▶Debianxen/xen< 4.8.0-1+3

▶NVDxen/xen4.8.0

▶NVDcitrix/xenserver4 versions+3

Patches

Patch: xenbits.xen.org ↗Patch: support.citrix.com ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-w5vf-65qx-rxw9: Xen through 4↗2022-05-17

▶

OSV

CVE-2016-10024: Xen through 4↗2017-01-26

▶

CVEList

CVE-2016-10024: Xen through 4↗2017-01-26

▶

📋Vendor Advisories

Red Hat

xen: x86 PV guests may be able to mask interrupts (XSA-202)↗2016-12-21

▶

Debian

CVE-2016-10024: xen - Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a ...↗2016

▶

💬Community

Bugzilla

CVE-2016-10024 CVE-2016-10025 xen: various flaws [fedora-all]↗2016-12-21

▶

Bugzilla

CVE-2016-10024 xsa202 xen: x86 PV guests may be able to mask interrupts (XSA-202)↗2016-12-08

▶