[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2016:2507-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":34,"duplicates":35,"related":36,"reserved_at":9,"published_at":47,"modified_at":48,"state":9,"summary":49,"references_raw":51,"kevs":172,"epss":9,"epss_history":173,"metrics":174,"affected":175},"SUSE-SU-2016:2507-1","Security update for xen\n\nThis update for xen fixes several issues.\n\nThese security issues were fixed:\n- CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785)\n- CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789)\n- CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792)\n- CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel code in Xen allowed local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number (bsc#997731)\n- CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside the guest to leak information. It occured while processing transmit(tx) queue, when it reaches the end of packet (bsc#994761)\n- CVE-2016-6888: A integer overflow int the VMWARE VMXNET3 NIC device support, during the initialisation of new packets in the device, could have allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994772)\n- CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994775)\n- CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625)\n- CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421)\n- CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675)\n\nThese non-security issues were fixed:\n- bsc#993507: virsh detach-disk failing to detach disk\n- bsc#991934: Xen hypervisor crash in csched_acct\n- bsc#992224: During boot of Xen Hypervisor, Failed to get contiguous memory for DMA\n- bsc#970135: New virtualization project clock test randomly fails on Xen \n- bsc#994136: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol\n- bsc#994136: xen_platform: unplug also SCSI disks in qemu-xen\n- bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live\n- bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)\n- bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32],{"_key":15},"CVE-2016-6258",{"_key":17},"CVE-2016-6833",{"_key":19},"CVE-2016-6834",{"_key":21},"CVE-2016-6835",{"_key":23},"CVE-2016-6836",{"_key":25},"CVE-2016-6888",{"_key":27},"CVE-2016-7092",{"_key":29},"CVE-2016-7093",{"_key":31},"CVE-2016-7094",{"_key":33},"CVE-2016-7154",[],[],[37,38,39,40,41,42,43,44,45,46],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},"2016-10-12T09:34:10Z","2026-02-04T04:11:40.537088Z",{"cisa_kev":50,"cisa_ransomware":50,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[52,58,63,67,71,75,79,83,87,91,95,99,103,107,111,115,119,123,127,131,136,140,144,148,152,156,160,164,168],{"url":53,"sources":54,"tags":56},"https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/",[55],"osv_suse",[57],"Advisory",{"url":59,"sources":60,"tags":61},"https://bugzilla.suse.com/966467",[55],[62],"REPORT",{"url":64,"sources":65,"tags":66},"https://bugzilla.suse.com/970135",[55],[62],{"url":68,"sources":69,"tags":70},"https://bugzilla.suse.com/971949",[55],[62],{"url":72,"sources":73,"tags":74},"https://bugzilla.suse.com/988675",[55],[62],{"url":76,"sources":77,"tags":78},"https://bugzilla.suse.com/990970",[55],[62],{"url":80,"sources":81,"tags":82},"https://bugzilla.suse.com/991934",[55],[62],{"url":84,"sources":85,"tags":86},"https://bugzilla.suse.com/992224",[55],[62],{"url":88,"sources":89,"tags":90},"https://bugzilla.suse.com/993507",[55],[62],{"url":92,"sources":93,"tags":94},"https://bugzilla.suse.com/994136",[55],[62],{"url":96,"sources":97,"tags":98},"https://bugzilla.suse.com/994421",[55],[62],{"url":100,"sources":101,"tags":102},"https://bugzilla.suse.com/994625",[55],[62],{"url":104,"sources":105,"tags":106},"https://bugzilla.suse.com/994761",[55],[62],{"url":108,"sources":109,"tags":110},"https://bugzilla.suse.com/994772",[55],[62],{"url":112,"sources":113,"tags":114},"https://bugzilla.suse.com/994775",[55],[62],{"url":116,"sources":117,"tags":118},"https://bugzilla.suse.com/995785",[55],[62],{"url":120,"sources":121,"tags":122},"https://bugzilla.suse.com/995789",[55],[62],{"url":124,"sources":125,"tags":126},"https://bugzilla.suse.com/995792",[55],[62],{"url":128,"sources":129,"tags":130},"https://bugzilla.suse.com/997731",[55],[62],{"url":132,"sources":133,"tags":134},"https://www.suse.com/security/cve/CVE-2016-6258",[55],[135],"WEB",{"url":137,"sources":138,"tags":139},"https://www.suse.com/security/cve/CVE-2016-6833",[55],[135],{"url":141,"sources":142,"tags":143},"https://www.suse.com/security/cve/CVE-2016-6834",[55],[135],{"url":145,"sources":146,"tags":147},"https://www.suse.com/security/cve/CVE-2016-6835",[55],[135],{"url":149,"sources":150,"tags":151},"https://www.suse.com/security/cve/CVE-2016-6836",[55],[135],{"url":153,"sources":154,"tags":155},"https://www.suse.com/security/cve/CVE-2016-6888",[55],[135],{"url":157,"sources":158,"tags":159},"https://www.suse.com/security/cve/CVE-2016-7092",[55],[135],{"url":161,"sources":162,"tags":163},"https://www.suse.com/security/cve/CVE-2016-7093",[55],[135],{"url":165,"sources":166,"tags":167},"https://www.suse.com/security/cve/CVE-2016-7094",[55],[135],{"url":169,"sources":170,"tags":171},"https://www.suse.com/security/cve/CVE-2016-7154",[55],[135],[],[],[],[176,189,193],{"ecosystem":177,"name":178,"vendor":179,"product":180,"cpe_part":9,"purl_type":181,"purl_namespace":179,"purl_name":180,"source":9,"versions":182},"SUSE Linux Enterprise","xen","suse","xen&distro=SUSE Linux Enterprise Server 11 SP4","rpm",[183],{"version":184,"is_range":185,"range_type":186,"version_start":9,"version_start_type":9,"version_end":187,"version_end_type":188,"fixed_in":9},"lt4_4_4_08_40_2",true,"ecosystem","4.4.4_08-40.2","excluding",{"ecosystem":177,"name":178,"vendor":179,"product":190,"cpe_part":9,"purl_type":181,"purl_namespace":179,"purl_name":190,"source":9,"versions":191},"xen&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4",[192],{"version":184,"is_range":185,"range_type":186,"version_start":9,"version_start_type":9,"version_end":187,"version_end_type":188,"fixed_in":9},{"ecosystem":177,"name":178,"vendor":179,"product":194,"cpe_part":9,"purl_type":181,"purl_namespace":179,"purl_name":194,"source":9,"versions":195},"xen&distro=SUSE Linux Enterprise Software Development Kit 11 SP4",[196],{"version":184,"is_range":185,"range_type":186,"version_start":9,"version_start_type":9,"version_end":187,"version_end_type":188,"fixed_in":9}]