CVE-2016-2270 — MEDIUM (6.8)

Q: What is CVE-2016-2270?

CVE-2016-2270 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

Q: How severe is CVE-2016-2270?

CVE-2016-2270 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-2270?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Fedoraproject Fedora, Xen Xen, Oracle Vm Server.

Vulnerability Description

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	7.0
Fedoraproject	Fedora	22
Xen	Xen	<= 4.6.1
Oracle	Vm Server	3.4

Related Weaknesses (CWE)

CWE-20

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178518.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3519Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmVendor Advisory
http://www.securitytracker.com/id/1035042Third Party AdvisoryVDB Entry
http://xenbits.xen.org/xsa/advisory-154.htmlPatchVendor Advisory
https://security.gentoo.org/glsa/201604-03
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178518.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3519Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmVendor Advisory
http://www.securitytracker.com/id/1035042Third Party AdvisoryVDB Entry
http://xenbits.xen.org/xsa/advisory-154.htmlPatchVendor Advisory
https://security.gentoo.org/glsa/201604-03

FAQ

What is CVE-2016-2270?

CVE-2016-2270 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

How severe is CVE-2016-2270?

CVE-2016-2270 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2270?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Fedoraproject Fedora, Xen Xen, Oracle Vm Server.