Vulnerability Description
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 3.4.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2016/dsa-3519
- http://www.securitytracker.com/id/1034744
- http://xenbits.xen.org/xsa/advisory-167.htmlVendor Advisory
- http://www.debian.org/security/2016/dsa-3519
- http://www.securitytracker.com/id/1034744
- http://xenbits.xen.org/xsa/advisory-167.htmlVendor Advisory
FAQ
What is CVE-2016-1570?
CVE-2016-1570 is a vulnerability with a CVSS score of 8.5 (HIGH). The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have...
How severe is CVE-2016-1570?
CVE-2016-1570 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1570?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.