CVE-2016-7094

low-risk

Published 2016-09-21

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.1/10 Medium

LOCAL / HIGH complexity

Affected Products (1)

Xen

Affected Vendors

Xen

References (16)

Third Party Advisory http://support.citrix.com/article/CTX216071

http://www.debian.org/security/2016/dsa-3663

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htm...

Third Party Advisory http://www.securityfocus.com/bid/92864

Third Party Advisory http://www.securitytracker.com/id/1036753

Patch http://xenbits.xen.org/xsa/advisory-187.html

Patch http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_...

https://security.gentoo.org/glsa/201611-09

Third Party Advisory http://support.citrix.com/article/CTX216071

http://www.debian.org/security/2016/dsa-3663

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htm...

Third Party Advisory http://www.securityfocus.com/bid/92864

Third Party Advisory http://www.securitytracker.com/id/1036753

Patch http://xenbits.xen.org/xsa/advisory-187.html

Patch http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_...

https://security.gentoo.org/glsa/201611-09

/ 100

low-risk

Severity 11/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal