CVE-2016-5242

Advisory lineage Upstream: 0 Downstream: 4

Downstream

DEBIAN-CVE-2016-5242 DSA-3633-1 MGASA-2017-0012 UBUNTU-CVE-2016-5242

Modified

Published: 07 Jun 2016, 14:00

Last modified:06 Aug 2024, 00:53

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.6 MEDIUM

v3.0 (nvd)

EPSS Score

0.14% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 Jun 2016, 14:00

Published

Vulnerability first disclosed

06 Aug 2024, 00:53

Last Modified

Vulnerability information updated

Description

The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.

CVSS Metrics

v3.0•MEDIUM•Score: 5.6CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
v2.0•MEDIUM•Score: 4.7AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.14%• Percentile: 33%

Affected Systems

xen•xen
4.4.0 | 4.4.0:rc1 | 4.4.1 | 4.4.2 | 4.4.3 | 4.4.4 | 4.5.0 | 4.5.1 | 4.5.2 | 4.5.3 | 4.6.0 | 4.6.1