FreeBSD: VID-7ed7c36f-ddaf-11e5-b2bd-002590263bf5 (CVE-2016-1570): xen-kernel -- PV superpage functionality missing sanity checks

Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: Feb 28, 2016
Added: Dec 10, 2025
Modified: Dec 10, 2025

Description

The Xen Project reports: The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier (MFN) passed to MMUEXT_MARK_SUPER and MMUEXT_UNMARK_SUPER sub-ops of the HYPERVISOR_mmuext_op hypercall as well as for various forms of page table updates. Use of the feature, which is disabled by default, may have unknown effects, ranging from information leaks through Denial of Service to privilege escalation.

Solution

freebsd-upgrade-package-xen-kernel