ID CVE-2016-3960
Summary Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
References
Vulnerable Configurations
  • cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-12-2016 - 03:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 86318
confirm
debian DSA-3554
fedora
  • FEDORA-2016-35d7b09908
  • FEDORA-2016-48e72b7bc5
  • FEDORA-2016-75063477ca
sectrack 1035587
Last major update 03-12-2016 - 03:27
Published 19-04-2016 - 14:59
Last modified 03-12-2016 - 03:27
Back to Top