Lucene search

[email protected]CVE-2016-9377

HistoryFeb 22, 2017 - 4:59 p.m.

CVE-2016-9377

2017-02-2216:59:00

CWE-682

[email protected]

web.nvd.nist.gov

xen

cve-2016-9377

nrip

amd

denial of service

idt

miscalculation

vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.

Affected configurations

NVD

Node

xenxenMatch4.5.0

xenxenMatch4.5.1

xenxenMatch4.5.2

xenxenMatch4.5.3

xenxenMatch4.5.5

xenxenMatch4.6.0

xenxenMatch4.6.1

xenxenMatch4.6.3

xenxenMatch4.6.4

xenxenMatch4.7.0

xenxenMatch4.7.1

CPENameOperatorVersion
xen:xenxeneq4.5.0
xen:xenxeneq4.5.1
xen:xenxeneq4.5.2
xen:xenxeneq4.5.3
xen:xenxeneq4.5.5
xen:xenxeneq4.6.0
xen:xenxeneq4.6.1
xen:xenxeneq4.6.3
xen:xenxeneq4.6.4
xen:xenxeneq4.7.0

CPE	Name	Operator	Version
xen:xen	xen	eq	4.5.0
xen:xen	xen	eq	4.5.1
xen:xen	xen	eq	4.5.2
xen:xen	xen	eq	4.5.3
xen:xen	xen	eq	4.5.5
xen:xen	xen	eq	4.6.0
xen:xen	xen	eq	4.6.1
xen:xen	xen	eq	4.6.3
xen:xen	xen	eq	4.6.4
xen:xen	xen	eq	4.7.0