CVE-2016-2271 — XEN vulnerability

7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 79.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedFeb 19

Latest updateMay 17

Description

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.0~rc3-1 (bookworm)

▶Debianxen/xen< 4.8.0~rc3-1+3

▶NVDxen/xen4.6.0, 4.6.1+1

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-wqc2-67r3-gjj5: VMX in Xen 4↗2022-05-17

▶

OSV

CVE-2016-2271: VMX in Xen 4↗2016-02-19

▶

📋Vendor Advisories

Red Hat

xen: guest user mode may crash guest with non-canonical RIP (XSA-170)↗2016-02-17

▶

Debian

CVE-2016-2271: xen - VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM...↗2016

▶

💬Community

Bugzilla

CVE-2016-2271 xsa170 xen: guest user mode may crash guest with non-canonical RIP (XSA-170) [fedora-all]↗2016-02-17

▶

Bugzilla

CVE-2016-2271 xsa170 xen: guest user mode may crash guest with non-canonical RIP (XSA-170)↗2016-02-04

▶