Main Vulnerability Database Vulnerabilities #VU32220

Incorrect calculation in Xen - CVE-2016-9377

Published: February 22, 2017 / Updated: July 28, 2020

Vulnerability identifier: #VU32220

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-9377

CWE-ID: CWE-682

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Xen Project

Affected software:
Xen

Detailed vulnerability description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.

How to mitigate CVE-2016-9377

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/94475
http://www.securitytracker.com/id/1037345
http://xenbits.xen.org/xsa/advisory-196.html
https://security.gentoo.org/glsa/201612-56

Incorrect calculation in Xen - CVE-2016-9377

Detailed vulnerability description

How to mitigate CVE-2016-9377

Sources

Please verify you're human