Vulnerability Details : CVE-2016-3960
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
Vulnerability category: Overflow; Denial of service
Products affected by CVE-2016-3960
- cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-3960
- EPSS score: 0.18% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~56% (the proportion of vulnerabilities that are scored at or less)
EPSS Score History
CVSS scores for CVE-2016-3960
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
8.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 | NIST |
CWE ids for CVE-2016-3960
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3960
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html : [SECURITY] Fedora 22 Update: xen-4.5.3-2.fc22 (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html : [SECURITY] Fedora 24 Update: xen-4.6.1-6.fc24 (Third Party Advisory)
- http://www.securityfocus.com/bid/86318 : Xen CVE-2016-3960 NULL Pointer Dereference Remote Denial of Service Vulnerability
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html : [SECURITY] Fedora 23 Update: xen-4.5.3-2.fc23 (Third Party Advisory)
- http://www.securitytracker.com/id/1035587 : Xen x86 Shadow Pagetable Overflow Lets Local Guest Users Deny Service and Potentially Gain Elevated Privileges on the Host System (SecurityTracker)
- http://support.citrix.com/article/CTX209443 : Citrix XenServer Multiple Security Updates
- http://www.debian.org/security/2016/dsa-3554 : Debian Security Information, DSA-3554-1 xen
- http://xenbits.xen.org/xsa/advisory-173.html : XSA-173, Xen Security Advisories (Patch; Vendor Advisory)
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html : Oracle VM Server for x86 Bulletin, July 2016 (Vendor Advisory)