Description
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 4.0
Attack Vector: Network
Complexity: High
Privileges: Low
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: None
Availability: High
Affected Packages
3 packages
Vulnerability Details (3)
GHSA | GHSA-rh8h-9p3w-xjvv: The paging_invlpg function in include/asm-x86/paging | 2022-05-14
OSV | CVE-2016-1571: The paging_invlpg function in include/asm-x86/paging | 2016-01-22
CVEList | CVE-2016-1571: The paging_invlpg function in include/asm-x86/paging | 2016-01-22
Vendor Advisories (2)
Red Hat | xen: Intercept issue with INVLPG on non-canonical address causing host to crash | 2016-01-20
Debian | CVE-2016-1571: xen - The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.... | 2016
Community (2)
Bugzilla | CVE-2016-1571 xen: Intercept issue with INVLPG on non-canonical address causing host to crash [fedora-all] | 2016-01-20
Bugzilla | CVE-2016-1571 xen: Intercept issue with INVLPG on non-canonical address causing host to crash | 2016-01-07