CVE-2016-2270

CWE-20 — Improper Input Validation8 documents7 sources

Severity

6.8MEDIUM

EPSS

0.3%

top 47.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN XEN Debian Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedFeb 19

Latest updateMay 17

Description

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 2.3 | Impact: 4.0

Affected Packages3 packages

▶Debianxen< 4.8.0~rc3-1+3

▶NVDxen/xen4.6.1

▶NVDoracle/vm_server3.4

Also affects: Debian Linux 7.0, 8.0, Fedora 22, 23

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-xrgf-45jw-vmmp: Xen 4↗2022-05-17

▶

OSV

CVE-2016-2270: Xen 4↗2016-02-19

▶

CVEList

CVE-2016-2270: Xen 4↗2016-02-19

▶

📋Vendor Advisories

Red Hat

xen: inconsistent cachability flags on guest mappings (XSA-154)↗2016-02-17

▶

Debian

CVE-2016-2270: xen - Xen 4.6.x and earlier allows local guest administrators to cause a denial of ser...↗2016

▶

💬Community

Bugzilla

CVE-2016-2270 xsa154 xen: inconsistent cachability flags on guest mappings (XSA-154) [fedora-all]↗2016-02-17

▶

Bugzilla

CVE-2016-2270 xsa154 xen: inconsistent cachability flags on guest mappings (XSA-154)↗2016-02-04

▶