Vulnerability Description
The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 4.4.0 |
References
- http://www.debian.org/security/2016/dsa-3633
- http://www.securityfocus.com/bid/91015
- http://www.securitytracker.com/id/1036035
- http://xenbits.xen.org/xsa/advisory-181.htmlVendor Advisory
- http://www.debian.org/security/2016/dsa-3633
- http://www.securityfocus.com/bid/91015
- http://www.securitytracker.com/id/1036035
- http://xenbits.xen.org/xsa/advisory-181.htmlVendor Advisory
FAQ
What is CVE-2016-5242?
CVE-2016-5242 is a vulnerability with a CVSS score of 5.6 (MEDIUM). The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS c...
How severe is CVE-2016-5242?
CVE-2016-5242 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5242?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.