Vulnerability Details : CVE-2016-9385
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2016-9385
- cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9385
- 0.06%: Probability of exploitation activity in the next 30 days
- ~ 25%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9385
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
6.0 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H | 1.5 | 4.0 | NIST | |
CWE ids for CVE-2016-9385
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9385
- https://support.citrix.com/article/CTX218775
  Citrix XenServer Multiple Security Updates (Patch; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/94472
  Xen CVE-2016-9385 Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1037342
  Xen x86 Register Write Emulation Validation Flaw Lets Local Users on a Guest System Cause Denial of Service Conditions on the Host System - SecurityTracker (Third Party Advisory; VDB Entry)
- https://security.gentoo.org/glsa/201612-56
  Xen: Multiple vulnerabilities (GLSA 201612-56) — Gentoo security
- http://xenbits.xen.org/xsa/advisory-193.html
  XSA-193 - Xen Security Advisories (Patch; Vendor Advisory)