CVE-2016-10024

Published: Jan 26, 2017Modified: May 13, 2026

6.0

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Exploitability: 1.5 / Impact: 4.0

Source: NVD

Description

Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.

Affected (5)

Products: Xen: Xen · Citrix: Xenserver

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	Up to 4.8.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenserver	Version 6.0.2
Citrix Xenserver	Version 6.2.0
Citrix Xenserver	Version 6.5
Citrix Xenserver	Version 7.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://www.debian.org/security/2017/dsa-3847

Source: cve@mitre.org

http://www.securityfocus.com/bid/95021

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037517

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-202.html

Source: cve@mitre.org

PatchVendor Advisory

https://security.gentoo.org/glsa/201612-56

Source: cve@mitre.org

https://support.citrix.com/article/CTX219378

Source: cve@mitre.org

PatchThird Party Advisory

http://www.debian.org/security/2017/dsa-3847