vulnerability
FreeBSD: VID-d51ced72-4212-11e6-942d-bc5ff45d0f28 (CVE-2016-3960): xen-kernel -- x86 shadow pagetables: address width overflow
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Jul 4, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Jul 4, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
The Xen Project reports: In the x86 shadow pagetable code, the guest frame number of a superpage mapping is stored in a 32-bit field. If a shadowed guest can cause a superpage mapping of a guest-physical address at or above 2^44 to be shadowed, the top bits of the address will be lost, causing an assertion failure or NULL dereference later on, in code that removes the shadow. A HVM guest using shadow pagetables can cause the host to crash. A PV guest using shadow pagetables (i.e. being migrated) with PV superpages enabled (which is not the default) can crash the host, or corrupt hypervisor memory, and so a privilege escalation cannot be ruled out.
Solution
freebsd-upgrade-package-xen-kernel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.