SB2016060702 - NULL pointer dereference in Xen

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016060702

SB2016060702 - NULL pointer dereference in Xen

Published: June 7, 2016 Updated: July 28, 2020

Security Bulletin ID SB2016060702
Severity
Medium
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) NULL pointer dereference (CVE-ID: CVE-2016-5242)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion. <a href="http://cwe.mitre.org/data/definitions/476. A remote attacker can perform a denial of service (DoS) attack.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References