#VU393 Denial of service in Oracle VM Server for x86 - CVE-2016-7154

Cybersecurity Help s.r.o.

Published: 2016-09-09 | Updated: 2017-01-09

Vulnerability identifier: #VU393

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:H/E:A/U:Amber]

CVE-ID: CVE-2016-7154

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Oracle VM Server for x86
Server applications / Other server solutions

Vendor: Oracle

Description
The vulnerability allows local administrative user to gain elevated privileges and cause denial of service on the host system.

The vulnerability exists due to supplying of specially crafted frame number to the EVTCHNOP_init_control() function and allows attacker to cause use-after-free and denil of service.

Successful exploitation of this vulnerability may allow a lcal user to get privileges on the host system and trigger a target service deny.

Mitigation

Install patched version from vendor's website: xsa188.patch

Vulnerable software versions

Oracle VM Server for x86: 3.4

External links
https://xenbits.xen.org/xsa/advisory-188.html
https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability

Denial of service in xen (Alpine package)

SUSE Linux update for xen

Denial of service in Oracle VM Server for x86