Vulnerability Description
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 14.04 |
| Xen | Xen | <= 4.5.3 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2016/dsa-3607
- http://www.securityfocus.com/bid/86068
- http://www.securitytracker.com/id/1035569 (Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/USN-3001-1 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-3002-1 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-3003-1 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-3004-1 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-3005-1 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-3006-1 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-3007-1 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-3049-1
- http://www.ubuntu.com/usn/USN-3050-1
- http://xenbits.xen.org/xsa/advisory-174.html (Vendor Advisory)
- http://xenbits.xen.org/xsa/xsa174.patch (Patch)
FAQ
What is CVE-2016-3961?
CVE-2016-3961 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to ...
How severe is CVE-2016-3961?
CVE-2016-3961 has been rated MEDIUM with a CVSS base score of 5.5/10. See the CVSS Score section above.
Is there a patch for CVE-2016-3961?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Xen Xen.