CVE-2016-6259 - OpenCVE

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Xenserver
Xen	Xen

Configuration 1 [-]

OR	cpe:2.3:o:xen:xen:4.5.0:::::::*
	cpe:2.3:o:xen:xen:4.5.1:::::::*
	cpe:2.3:o:xen:xen:4.5.2:::::::*
	cpe:2.3:o:xen:xen:4.5.3:::::::*
	cpe:2.3:o:xen:xen:4.6.0:::::::*
	cpe:2.3:o:xen:xen:4.6.1:::::::*
	cpe:2.3:o:xen:xen:4.6.3:::::::*
	cpe:2.3:o:xen:xen:4.7.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:citrix:xenserver:6.0:::::::*
	cpe:2.3:a:citrix:xenserver:6.0.2:::::::*
	cpe:2.3:a:citrix:xenserver:6.1:::::::*
	cpe:2.3:a:citrix:xenserver:6.2.0:sp1::::::
	cpe:2.3:a:citrix:xenserver:6.5.0:sp1::::::
	cpe:2.3:a:citrix:xenserver:7.0:::::::*

References

Link	Resource
http://support.citrix.com/article/CTX214954	Vendor Advisory
http://www.securityfocus.com/bid/92130	Third Party Advisory
http://www.securitytracker.com/id/1036447	Third Party Advisory
http://xenbits.xen.org/xsa/advisory-183.html	Mailing List Patch
http://xenbits.xen.org/xsa/xsa183-4.6.patch	Mitigation Patch
http://xenbits.xen.org/xsa/xsa183-unstable.patch	Mitigation Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-08-02T16:00:00

Updated: 2016-08-02T14:57:01

Reserved: 2016-07-20T00:00:00

Link: CVE-2016-6259

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-08-02T16:59:09.133

Modified: 2016-08-04T03:15:18.267

Link: CVE-2016-6259

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-26T00:00:00", "descriptions": [{"lang": "en", "value": "Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-08-02T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "92130", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92130"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX214954"}, {"name": "1036447", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036447"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/xsa183-unstable.patch"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-183.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/xsa183-4.6.patch"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6259", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "92130", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92130"}, {"name": "http://support.citrix.com/article/CTX214954", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX214954"}, {"name": "1036447", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036447"}, {"name": "http://xenbits.xen.org/xsa/xsa183-unstable.patch", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/xsa183-unstable.patch"}, {"name": "http://xenbits.xen.org/xsa/advisory-183.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-183.html"}, {"name": "http://xenbits.xen.org/xsa/xsa183-4.6.patch", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/xsa183-4.6.patch"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6259", "datePublished": "2016-08-02T16:00:00", "dateReserved": "2016-07-20T00:00:00", "dateUpdated": "2016-08-02T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0ED340C-6746-471E-9F2D-19D62D224B7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7C4F-DE4C-4508-B20D-46A94B616C5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "3374F1FB-70F9-4EBC-837B-0D42282E3E5F", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B6F7CE9-C409-4D88-9A99-B21420633F45", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B814C381-4991-495A-B530-7543F977B346", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "14442705-D243-4250-A486-E70989946D73", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1DD0255-9127-4C7F-9C02-42198820363E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C1D10B8-202D-44A4-A872-88D7C11488D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FCF191B-971A-4945-AB14-08091689BE2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "082A4559-2E75-4B84-8E50-304015DB9C7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "878949E0-D656-4E0E-858A-C6AD948A2A2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.5.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "674E9825-655A-4860-8FD1-7F022090922F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "405F950F-0772-41A3-8B72-B67151CC1376", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check."}, {"lang": "es", "value": "Xen 4.5.x hasta la version 4.7.x no implementa listas blancas Supervisor Mode Access Prevencion (SMAP) en excepci\u00f3n 32 bits y entrega de eventos, lo que permite a kernels 32-bit PV locales del SO invitado provocar una denegaci\u00f3n de servicio (hipervisor y caida VM) mediante la activaci\u00f3n de un control de seguridad."}], "id": "CVE-2016-6259", "lastModified": "2016-08-04T03:15:18.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-02T16:59:09.133", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.citrix.com/article/CTX214954"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/92130"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.securitytracker.com/id/1036447"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "http://xenbits.xen.org/xsa/advisory-183.html"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Patch"], "url": "http://xenbits.xen.org/xsa/xsa183-4.6.patch"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Patch"], "url": "http://xenbits.xen.org/xsa/xsa183-unstable.patch"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}