QwikSec

Security Database

CVE

CWE

Training

CVE-2016-7154

Published: Sep 21, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://xenbits.xen.org/xsa/advisory-188.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

http://xenbits.xen.org/xsa/xsa188.patch

x_refsource_CONFIRM

http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf

x_refsource_MISC

http://support.citrix.com/article/CTX216071

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.