CVE-2016-9817

CVE-2016-9817

Name

CVE-2016-9817

Description

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Mailing List	http://www.openwall.com/lists/oss-security/2016/11/29/3
Mailing List	http://www.openwall.com/lists/oss-security/2016/12/05/7
Third Party Advisory	http://www.securityfocus.com/bid/94581
cve@mitre.org	http://www.securitytracker.com/id/1037358
Mitigation	http://xenbits.xen.org/xsa/advisory-201.html
Patch	http://xenbits.xen.org/xsa/xsa201-3-4.7.patch
Patch	http://xenbits.xen.org/xsa/xsa201-3.patch
cve@mitre.org	https://security.gentoo.org/glsa/201612-56

Type

URI

Mailing List

http://www.openwall.com/lists/oss-security/2016/11/29/3

Mailing List

http://www.openwall.com/lists/oss-security/2016/12/05/7

Third Party Advisory

http://www.securityfocus.com/bid/94581

cve@mitre.org

http://www.securitytracker.com/id/1037358

Mitigation

http://xenbits.xen.org/xsa/advisory-201.html

Patch

http://xenbits.xen.org/xsa/xsa201-3-4.7.patch

Patch

http://xenbits.xen.org/xsa/xsa201-3.patch

cve@mitre.org

https://security.gentoo.org/glsa/201612-56

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:xen:xen:4.7.0:::::::*`	xen	== None	== 4.7.0
`cpe:2.3:o:xen:xen:4.7.1:::::::*`	xen	== None	== 4.7.1

CPE URI

Source package

Min version

Max version

cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*

xen

== None

== 4.7.0

cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*

xen

== None

== 4.7.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
xen	edge-main	4.7.1-r5	None	fixed
xen	edge-main	4.7.1-r4	None	fixed
xen	edge-main	4.7.1-r3	None	fixed
xen	edge-main	4.7.1-r1	None	possibly vulnerable
xen	edge-main	4.7.0-r5	None	possibly vulnerable
xen	edge-main	4.7.0-r1	None	possibly vulnerable
xen	edge-main	4.7.0-r0	None	possibly vulnerable
xen	3.22-main	4.7.1-r5	None	fixed
xen	3.22-main	4.7.1-r4	None	fixed
xen	3.22-main	4.7.1-r3	None	fixed
xen	3.22-main	4.7.1-r1	None	possibly vulnerable
xen	3.22-main	4.7.0-r5	None	possibly vulnerable
xen	3.22-main	4.7.0-r1	None	possibly vulnerable
xen	3.22-main	4.7.0-r0	None	possibly vulnerable
xen	3.21-main	4.7.1-r5	None	fixed
xen	3.21-main	4.7.1-r4	None	fixed
xen	3.21-main	4.7.1-r3	None	fixed
xen	3.21-main	4.7.1-r1	None	possibly vulnerable
xen	3.21-main	4.7.0-r5	None	possibly vulnerable
xen	3.21-main	4.7.0-r1	None	possibly vulnerable
xen	3.21-main	4.7.0-r0	None	possibly vulnerable
xen	3.20-main	4.7.1-r5	None	fixed
xen	3.20-main	4.7.1-r4	None	fixed
xen	3.20-main	4.7.1-r3	None	fixed
xen	3.20-main	4.7.1-r1	None	possibly vulnerable
xen	3.20-main	4.7.0-r5	None	possibly vulnerable
xen	3.20-main	4.7.0-r1	None	possibly vulnerable
xen	3.20-main	4.7.0-r0	None	possibly vulnerable
xen	3.19-main	4.7.1-r5	None	fixed
xen	3.19-main	4.7.1-r4	None	fixed
xen	3.19-main	4.7.1-r3	None	fixed
xen	3.19-main	4.7.1-r1	None	possibly vulnerable
xen	3.19-main	4.7.0-r5	None	possibly vulnerable
xen	3.19-main	4.7.0-r1	None	possibly vulnerable
xen	3.19-main	4.7.0-r0	None	possibly vulnerable
xen	3.18-main	4.7.1-r3	None	fixed
xen	3.17-main	4.7.1-r3	None	fixed
xen	3.12-main	4.7.1-r3	None	fixed
xen	3.11-main	4.7.1-r3	None	fixed
xen	3.10-main	4.7.1-r3	None	fixed

Source package

Branch

Version

Maintainer

Status

xen

edge-main

4.7.1-r5

None

fixed

xen

edge-main