Vulnerability CVE-2016-7154

Vulnerability Name:

CVE-2016-7154 (CCN-116663)

Assigned:

2016-09-08

Published:

2016-09-08

Updated:

2017-04-10

Summary:

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.

CVSS v3 Severity:

6.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-416

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2016-7154

Source: CONFIRM
Type: Third Party Advisory
http://support.citrix.com/article/CTX216071

Source: MISC
Type: UNKNOWN
http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf

Source: DEBIAN
Type: UNKNOWN
DSA-3663

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: BID
Type: Third Party Advisory, VDB Entry
92863

Source: CCN
Type: BID-92863
Xen CVE-2016-7154 Local Denial of Service Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1036754

Source: CCN
Type: Xen Security Advisory XSA-188
use after free in FIFO event channel code

Source: CONFIRM
Type: Patch, Vendor Advisory
http://xenbits.xen.org/xsa/advisory-188.html

Source: CONFIRM
Type: Patch
http://xenbits.xen.org/xsa/xsa188.patch

Source: XF
Type: UNKNOWN
xen-cve20167154-dos(116663)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-7154

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:4.4.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.4.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.4.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.4.3:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.4.4:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:4.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20167154	V	CVE-2016-7154	2022-05-20
oval:org.opensuse.security:def:31753	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:40224	P	Security update for gmp (Moderate)	2021-12-14
oval:org.opensuse.security:def:31709	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:31300	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:35276	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:40223	P	Security update for glibc (Moderate)	2021-10-04
oval:org.opensuse.security:def:31687	P	Security update for sqlite3 (Important)	2021-09-23
oval:org.opensuse.security:def:39063	P	Security update for kvm (Moderate)	2021-08-23
oval:org.opensuse.security:def:40759	P	Security update for php53 (Moderate)	2021-08-20
oval:org.opensuse.security:def:14796	P	w3m-0.5.3.git20161120-160.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15116	P	logwatch-7.4.3-15.65 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15089	P	libu2f-host0-1.1.6-3.5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14995	P	libgcrypt20-1.6.1-16.68.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14971	P	libXxf86vm1-1.1.3-3.53 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14951	P	libX11-6-1.6.2-12.5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14900	P	glib2-lang-2.48.2-12.15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14830	P	apache2-mod_apparmor-2.8.2-51.18.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14804	P	xinetd-2.3.15-8.8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15191	P	squidGuard-1.4-30.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15175	P	rpm-32bit-4.11.2-16.21.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15164	P	python-libxml2-2.9.4-46.20.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:31243	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:31648	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:36482	P	libreoffice-testtool-3.4.5.5-0.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36440	P	libcgroup-devel-0.41.rc1-2.34 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15852	P	libtasn1-devel-3.7-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15829	P	libpacemaker-devel-1.1.13-10.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31151	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:38652	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:35642	P	sysstat-8.1.5-7.9.56 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35583	P	libarchive2-2.5.5-5.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35802	P	pcsc-ccid-1.3.8-3.15.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35758	P	libopensc2-0.11.6-5.27.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35730	P	krb5-doc-1.6.3-133.21 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35691	P	enscript-1.6.4-152.22.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:18537	P	Security update for gdk-pixbuf (Moderate)	2020-12-01
oval:org.opensuse.security:def:27417	P	ibutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:41096	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:30934	P	Security update for giflib (Moderate)	2020-12-01
oval:org.opensuse.security:def:27333	P	xorg-x11-libXrender-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:41051	P	Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:19691	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:30933	P	Recommended update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:27276	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:19665	P	Security update for Linux Kernel Live Patch 12 for SLE 12 (Important)	2020-12-01
oval:org.opensuse.security:def:27195	P	libmpfr1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:19027	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:27067	P	LibVNCServer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35423	P	Security update for openssl1 (Important)	2020-12-01
oval:org.opensuse.security:def:19003	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:27003	P	opie on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35333	P	Security update for mono-core (Moderate)	2020-12-01
oval:org.opensuse.security:def:18991	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:38419	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28440	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:35175	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:31599	P	Security update for tiff (Low)	2020-12-01
oval:org.opensuse.security:def:28405	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35039	P	Security update for ipsec-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:31543	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:27767	P	Security update for IBM Java	2020-12-01
oval:org.opensuse.security:def:34955	P	Security update for fontconfig (Low)	2020-12-01
oval:org.opensuse.security:def:31387	P	Security update for openvpn-openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27723	P	Security update for e2fsprogs	2020-12-01
oval:org.opensuse.security:def:34944	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:27709	P	Security update for bash	2020-12-01
oval:org.opensuse.security:def:39122	P	libreoffice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31019	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:38903	P	java-1_7_0-openjdk-plugin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30945	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:38813	P	tomcat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38755	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32430	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:32391	P	Security update for tomcat6 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38515	P	wpa_supplicant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38431	P	pam-modules on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38420	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39963	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:18529	P	Security update for nautilus (Low)	2020-12-01
oval:org.opensuse.security:def:40999	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:39921	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:40935	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:39283	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc (Important)	2020-12-01
oval:org.opensuse.security:def:39238	P	Security update for python-pycrypto (Important)	2020-12-01
oval:org.opensuse.security:def:40657	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:39210	P	libreoffice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26992	P	mozilla-xulrunner192 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:40588	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:39171	P	gwenhywfar-lang on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26991	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:40479	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:18933	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:40327	P	Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:18900	P	Security update for libqt5-qtbase (Moderate)	2020-12-01
oval:org.opensuse.security:def:40235	P	Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:18788	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:18750	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:41859	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:34943	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:18716	P	Security update for spice-gtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:27670	P	Security update for rubygem-rack-cache	2020-12-01
oval:org.opensuse.security:def:41814	P	Security update for gdk-pixbuf (Moderate)	2020-12-01
oval:org.opensuse.security:def:18658	P	Recommended update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27621	P	Security update for gtk2	2020-12-01
oval:org.opensuse.security:def:41176	P	Security update for postgresql96 (Important)	2020-12-01
oval:org.opensuse.security:def:18572	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:27568	P	struts on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:41125	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2020-12-01
oval:org.cisecurity:def:1159	P	DSA-3663-1 -- xen -- security update	2016-10-14
oval:com.ubuntu.precise:def:20167154000	V	CVE-2016-7154 on Ubuntu 12.04 LTS (precise) - low.	2016-09-21
oval:com.ubuntu.trusty:def:20167154000	V	CVE-2016-7154 on Ubuntu 14.04 LTS (trusty) - low.	2016-09-21
oval:com.ubuntu.xenial:def:201671540000000	V	CVE-2016-7154 on Ubuntu 16.04 LTS (xenial) - low.	2016-09-21
oval:com.ubuntu.xenial:def:20167154000	V	CVE-2016-7154 on Ubuntu 16.04 LTS (xenial) - low.	2016-09-21

BACK