CVE-2016-9385 — Improper Input Validation in Citrix Xenserver

CWE-20 — Improper Input Validation8 documents7 sources

Severity

6.0MEDIUMNVD

EPSS

0.1%

top 71.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Citrix Xenserver

Timeline

PublishedJan 23

Latest updateMay 17

Description

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages3 packages

▶Debianxen/xen< 4.8.0-1+3

▶NVDxen/xen16 versions+15

▶NVDcitrix/xenserver4 versions+3

Patches

Patch: xenbits.xen.org ↗Patch: support.citrix.com ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-3fqp-fm32-6g9x: The x86 segment base write emulation functionality in Xen 4↗2022-05-17

▶

OSV

CVE-2016-9385: The x86 segment base write emulation functionality in Xen 4↗2017-01-23

▶

CVEList

CVE-2016-9385: The x86 segment base write emulation functionality in Xen 4↗2017-01-23

▶

📋Vendor Advisories

Red Hat

xen: x86 segment base write emulation lacking canonical address checks (XSA-193)↗2016-11-22

▶

Debian

CVE-2016-9385: xen - The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x al...↗2016

▶

💬Community

Bugzilla

CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 xen: various flaws [fedora-all]↗2016-11-22

▶

Bugzilla

CVE-2016-9385 xsa193 xen: x86 segment base write emulation lacking canonical address checks (XSA-193)↗2016-11-08

▶