CVE-2016-10025

Published: 26 January 2017

VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.6.0-1ubuntu4.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
Patches:
Upstream: https://xenbits.xen.org/xsa/xsa203.patch
Upstream: https://xenbits.xen.org/xsa/xsa203-4.7.patch
Upstream: https://xenbits.xen.org/xsa/xsa203-4.8.patch
Binaries built from this source package are in Universe and so are supported by the community.