CVE-2016-3960

Published: Apr 19, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

Affected (7)

Products: Xen: Xen · Fedoraproject: Fedora · Oracle: Vm Server

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	All versions

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 22
Fedoraproject Fedora	Version 23
Fedoraproject Fedora	Version 24

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Vm Server	Version 3.2
Oracle Vm Server	Version 3.3
Oracle Vm Server	Version 3.4

Related CWEs

CWE-264

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html

Source: cve@mitre.org

Third Party Advisory

http://support.citrix.com/article/CTX209443

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3554

Source: cve@mitre.org

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/86318

Source: cve@mitre.org

http://www.securitytracker.com/id/1035587

Source: cve@mitre.org

http://xenbits.xen.org/xsa/advisory-173.html

Source: cve@mitre.org

PatchVendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html