Vulnerability Description
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Xenserver | <= 6.5 |
| Xen | Xen | 3.3.0 |
Related Weaknesses (CWE)
References
- http://support.citrix.com/article/CTX205496Third Party Advisory
- http://www.debian.org/security/2016/dsa-3519
- http://www.securitytracker.com/id/1034745Third Party Advisory
- http://xenbits.xen.org/xsa/advisory-168.htmlVendor Advisory
- http://support.citrix.com/article/CTX205496Third Party Advisory
- http://www.debian.org/security/2016/dsa-3519
- http://www.securitytracker.com/id/1034745Third Party Advisory
- http://xenbits.xen.org/xsa/advisory-168.htmlVendor Advisory
FAQ
What is CVE-2016-1571?
CVE-2016-1571 is a vulnerability with a CVSS score of 6.3 (MEDIUM). The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of ...
How severe is CVE-2016-1571?
CVE-2016-1571 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1571?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Xenserver, Xen Xen.