NULL pointer dereference in Xen

1) NULL pointer dereference

EUVDB-ID: #VU32303

Risk: High

CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber]

CVE-ID: CVE-2016-3960

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. <a href="http://cwe.mitre.org/data/definitions/476. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Xen: 4.24

CPE2.3

• cpe:2.3:a:xen_project:xen:4.24:*:*:*:*:*:*:*

External links

https://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html
https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html
https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html
https://support.citrix.com/article/CTX209443
https://www.debian.org/security/2016/dsa-3554
https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://www.securityfocus.com/bid/86318
https://www.securitytracker.com/id/1035587
https://xenbits.xen.org/xsa/advisory-173.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.