The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability announcement CVE-2016-7154

Xen: use after free via FIFO

Synthesis of the vulnerability

An attacker inside a guest system can force the use of a freed memory area via FIFO in Xen, in order to trigger a denial of service and possibly to run code on the host system.
Vulnerable systems: XenServer, Debian, openSUSE, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity of this threat: 1/4.
Consequences of an attack: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Attacker's origin: privileged shell.
Creation date: 08/09/2016.
References of this weakness: CERTFR-2016-AVI-301, CERTFR-2016-AVI-303, CTX216071, CVE-2016-7154, DSA-3663-1, openSUSE-SU-2016:2497-1, SUSE-SU-2016:2507-1, SUSE-SU-2016:2533-1, VIGILANCE-VUL-20552, XSA-188.

Description of the vulnerability

An attacker inside a guest system can force the use of a freed memory area via FIFO in Xen, in order to trigger a denial of service and possibly to run code on the host system.