CVE-2016-9818 — Improper Access Control in XEN

CWE-284 — Improper Access Control8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 70.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedFeb 27

Latest updateMay 17

Description

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.0-1 (bookworm)

▶Debianxen/xen< 4.8.0-1+3

▶NVDxen/xen4.7.0, 4.7.1+1

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-j7f7-w6cp-qxqc: Xen through 4↗2022-05-17

▶

OSV

CVE-2016-9818: Xen through 4↗2017-02-27

▶

📋Vendor Advisories

Red Hat

xen: ARM guests may induce host asynchronous abort (XSA-201)↗2016-11-29

▶

Debian

CVE-2016-9818: xen - Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (...↗2016

▶

💬Community

Bugzilla

CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 xsa201 xen: ARM guests may induce host asynchronous abort (XSA-201) [fedora-all]↗2016-11-29

▶

Bugzilla

CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 xsa201 xen: ARM guests may induce host asynchronous abort (XSA-201)↗2016-11-29

▶

Bugzilla

CVE-2014-9818 ImageMagick: out of bound access on malformed sun file↗2016-06-07

▶