First published: Mon Feb 27 2017
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
Xen xen-unstable | =4.7.0 |
Xen xen-unstable | =4.7.1 |
CVE-2016-9818 has a high severity due to its potential to cause a denial of service resulting in a host crash.
To fix CVE-2016-9818, upgrade Xen to version 4.7.2 or later, as it contains patches addressing this vulnerability.
Local ARM guest OS users running Xen versions 4.7.0 and 4.7.1 are affected by CVE-2016-9818.
CVE-2016-9818 facilitates denial of service attacks via asynchronous aborts while in HYP state.
There are no known mitigations other than upgrading to a secure version, as the flaw cannot be worked around.