CVE-2016-5242 - Unspecified vulnerability in XEN
- Attack vector: LOCAL
- Attack complexity: HIGH
- Privileges required: LOW
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 12 |
Nessus
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2016-103752D2A9.NASL
- description: Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO [CVE-2016-5338] (#1343323) Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info [CVE-2016-5337] (#1343909) ---- fix for CVE-2016-2858 doesn
- last seen: 2020-06-05
- modified: 2016-07-14
- plugin id: 92059
- published: 2016-07-14
- reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/92059
- title: Fedora 23 : xen (2016-103752d2a9)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2016-389BE30B95.NASL
- description: fix for CVE-2016-2858 doesn
- last seen: 2020-06-05
- modified: 2016-07-14
- plugin id: 92081
- published: 2016-07-14
- reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/92081
- title: Fedora 24 : xen (2016-389be30b95)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-3633.NASL
- description: Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:
  - CVE-2015-8338: Julien Grall discovered that Xen on ARM was susceptible to denial of service via long running memory operations.
  - CVE-2016-4480: Jan Beulich discovered that incorrect page table handling could result in privilege escalation inside a Xen guest instance.
  - CVE-2016-4962: Wei Liu discovered multiple cases of missing input sanitising in libxl which could result in denial of service.
  - CVE-2016-5242: Aaron Cornelius discovered that incorrect resource handling on ARM systems could result in denial of service.
  - CVE-2016-6258: Jeremie Boutoille discovered that incorrect pagetable handling in PV instances could result in guest to host privilege escalation.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 92614
- published: 2016-07-29
- reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/92614
- title: Debian DSA-3633-1 : xen - security update (Bunker Buster)
References
- http://www.debian.org/security/2016/dsa-3633
- http://www.securityfocus.com/bid/91015
- http://www.securitytracker.com/id/1036035
- http://xenbits.xen.org/xsa/advisory-181.html