CVE-2016-3960

CWE-264 | 8 documents | 7 sources
Severity: 8.8 HIGH
EPSS: 0.1% (top 77.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 19; Latest update May 17

Description

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 | Impact: 6.0

Affected Packages (2 packages)

Debian: xen < 4.8.0~rc3-1 (+3)
NVD: oracle/vm_server 3.2, 3.3, 3.4 (+2)

Also affects: Fedora 22, 23, 24

Vulnerability Details (3)

GHSA (2022-05-17): GHSA-m63c-3j47-fcfw: Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privil
CVEList (2016-04-19): CVE-2016-3960: Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privil
OSV (2016-04-19): CVE-2016-3960: Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privil

Vendor Advisories (2)

Red Hat (2016-04-18): xen: x86 shadow pagetables: address width overflow (XSA-173)
Debian (2016): CVE-2016-3960: xen - Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS u...

Community (2)

Bugzilla (2016-04-18): CVE-2016-3960 xsa173 xen: x86 shadow pagetables: address width overflow (XSA-173) [fedora-all]
Bugzilla (2016-04-05): CVE-2016-3960 xsa173 xen: x86 shadow pagetables: address width overflow (XSA-173)