FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-tools -- Unsanitised driver domain input in libxl device handling

Affected packages
xen-tools < 4.7.0_1

Details

VuXML ID: e589ae90-4212-11e6-942d-bc5ff45d0f28
Discovery: 2016-06-02
Entry: 2016-07-04

The Xen Project reports:

libxl's device-handling code freely uses and trusts information from the backend directories in xenstore.

A malicious driver domain can deny service to management tools.

References

CVE Name: CVE-2016-4963
URL: http://xenbits.xen.org/xsa/advisory-178.html