CVE-2016-7094
UnknownEPSS 0.40%
Last modified
CVE-2016-7094 is a vulnerability of currently unknown severity. Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | <= 4.7.0 |
References
- http://support.citrix.com/article/CTX216071Third Party Advisory
- http://www.securityfocus.com/bid/92864Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1036753Third Party Advisory, VDB Entry
- http://xenbits.xen.org/xsa/advisory-187.htmlPatch, Vendor Advisory
- http://support.citrix.com/article/CTX216071Third Party Advisory
- http://www.securityfocus.com/bid/92864Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1036753Third Party Advisory, VDB Entry
- http://xenbits.xen.org/xsa/advisory-187.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-7094?
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
How severe is CVE-2016-7094?
Severity scoring for CVE-2016-7094 is pending analysis. The EPSS model estimates a 0.40% probability of exploitation in the next 30 days.
How do I fix CVE-2016-7094?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2016-7094?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST