Vulnerability Details : CVE-2016-2270
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2016-2270
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2270
- EPSS score: 0.48% (probability of exploitation activity in the next 30 days)
- Percentile: ~75% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-2270
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:S/C:N/I:N/A:C | 3.1 | 6.9 | NIST | |
6.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H | 2.3 | 4.0 | NIST | |
CWE ids for CVE-2016-2270
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2270
- http://www.securitytracker.com/id/1035042
  Xen Cacheability Mapping Bug Lets Local Administrative Users on a Guest System Cause Denial of Service Conditions on the Host System - SecurityTracker (Third Party Advisory; VDB Entry)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.html
  [SECURITY] Fedora 23 Update: xen-4.5.2-8.fc23 (Third Party Advisory)
- https://security.gentoo.org/glsa/201604-03
  Xen: Multiple vulnerabilities (GLSA 201604-03) — Gentoo security
- http://xenbits.xen.org/xsa/advisory-154.html
  XSA-154 - Xen Security Advisories (Vendor Advisory; Patch)
- http://www.debian.org/security/2016/dsa-3519
  Debian -- Security Information -- DSA-3519-1 xen (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  Oracle VM Server for x86 Bulletin - July 2016 (Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178518.html
  [SECURITY] Fedora 22 Update: xen-4.5.2-8.fc22 (Third Party Advisory)