Improper access control in Xen - CVE-2016-9378

 


Published: February 22, 2017 / Updated: July 28, 2020


Vulnerability identifier: #VU32221
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-9378
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Xen Project
Affected software: Xen

Detailed vulnerability description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.


How to mitigate CVE-2016-9378

Install the update from the vendor's website.
