5.5

CVE-2016-10025

VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XenXen Version4.6.0
XenXen Version4.6.1
XenXen Version4.6.3
XenXen Version4.6.4
XenXen Version4.7.0
XenXen Version4.7.1
XenXen Version4.8.0
CitrixXenserver Version6.0.2
CitrixXenserver Version6.2.0
CitrixXenserver Version6.5
CitrixXenserver Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.357
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://support.citrix.com/article/CTX219378
Patch
Third Party Advisory
http://www.securityfocus.com/bid/95026
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037518
Third Party Advisory
VDB Entry
http://xenbits.xen.org/xsa/advisory-203.html
Patch
Vendor Advisory