Vulnerability in Citrix XenServer

CVE-2016-1571

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonica…

EPSS: 0.003 (53.4th percentile).

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

References

  • DSA-3519 (vendor-advisory, x_refsource_DEBIAN)
  • 1034745 (Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
  • cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
  • cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-1571?

CVE-2016-1571 is a medium-severity vulnerability in Citrix XenServer, classified under CWE-17. CVSS score: 6.3/10. Published 2016-01-22.

How severe is CVE-2016-1571?

Medium severity. CVSS v3 base score is 6.3 out of 10.