Main Vulnerability Database Vulnerabilities #VU392

Denial of service - #VU392

Published: September 9, 2016 / Updated: September 13, 2016

Vulnerability identifier: #VU392

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows local administrative user to cause denial of service on the host system.

The vulnerability is caused by drawbacks in the state information allocation.

Successful exploitation of this vulnerability will allow an attacker to trigger a denial of service on the vulnerable system.

Remediation

Install patched version from vendor's website:

xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch

xsa187-0002-x86-segment-Bounds-check-accesses-to-emulation-ctxt-.patch

xsa187-4.4-0002-x86-segment-Bounds-check-accesses-to-emulation-ctx.patch

xsa187-4.6-0002-x86-segment-Bounds-check-accesses-to-emulation-ctx.patch

xsa187-4.7-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg.patch

xsa187-4.7-0002-x86-segment-Bounds-check-accesses-to-emulation-ctx.patch

Sources

http://xenbits.xen.org/xsa/advisory-187.html

Denial of service - #VU392

Detailed vulnerability description

Remediation

Sources

Please verify you're human