CVE-2016-3960

Опубликовано: 19 апр. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 7.2

EPSS Низкий

Описание

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

Комментарий

CWE-476: NULL Pointer Dereference

Ссылки

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html
Third Party Advisory
http://support.citrix.com/article/CTX209443
http://www.debian.org/security/2016/dsa-3554
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Vendor Advisory
http://www.securityfocus.com/bid/86318
http://www.securitytracker.com/id/1035587
http://xenbits.xen.org/xsa/advisory-173.html
Patch
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html
Third Party Advisory
http://support.citrix.com/article/CTX209443
http://www.debian.org/security/2016/dsa-3554
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Vendor Advisory
http://www.securityfocus.com/bid/86318
http://www.securitytracker.com/id/1035587
http://xenbits.xen.org/xsa/advisory-173.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*

cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*

cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00077

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2016-3960

CVSS3: 8.8

ubuntu

почти 10 лет назад

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

CVE-2016-3960

redhat

почти 10 лет назад

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

CVE-2016-3960

CVSS3: 8.8

debian

почти 10 лет назад

Integer overflow in the x86 shadow pagetable code in Xen allows local ...

GHSA-m63c-3j47-fcfw

CVSS3: 8.8

github

больше 3 лет назад

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

BDU:2016-01037

fstec

почти 10 лет назад

Уязвимость гипервизора Xen, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

EPSS

Процентиль: 23%

0.00077

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264