6.2

CVE-2016-6259

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XenXen Version4.5.0
XenXen Version4.5.1
XenXen Version4.5.2
XenXen Version4.5.3
XenXen Version4.6.0
XenXen Version4.6.1
XenXen Version4.6.3
XenXen Version4.7.0
CitrixXenserver Version6.0
CitrixXenserver Version6.0.2
CitrixXenserver Version6.1
CitrixXenserver Version6.2.0 Updatesp1
CitrixXenserver Version6.5.0 Updatesp1
CitrixXenserver Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.64% 0.458
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.2 2.5 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://support.citrix.com/article/CTX214954
Vendor Advisory
http://www.securityfocus.com/bid/92130
Third Party Advisory
http://www.securitytracker.com/id/1036447
Third Party Advisory
http://xenbits.xen.org/xsa/advisory-183.html
Patch
Mailing List
http://xenbits.xen.org/xsa/xsa183-4.6.patch
Patch
Mitigation
http://xenbits.xen.org/xsa/xsa183-unstable.patch
Patch
Mitigation