VYPR
Unrated severity · NVD Advisory · Published Jan 7, 2014 · Updated Apr 29, 2026

CVE-2011-1166

Description

Xen PV guests can cause a host crash by specifying user-mode execution without user-mode page tables, leading to denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A flaw exists in the Xen hypervisor implementation for managing page tables when a 64-bit PV guest requests user-mode execution without providing user-mode page tables. This missing validation in the page table handling code, present in Xen versions possibly before 4.0.2, allows a local privileged guest user to trigger a denial of service [1][2].

Exploitation

An attacker must have local access to a 64-bit PV guest and sufficient privileges within that guest to set up CPU state that specifies user-mode execution without the required user-mode page tables. No additional user interaction or network access is needed. The sequence involves a guest-crafted context that triggers the missing error check in the Xen hypervisor's page table handling code [1][2].

Impact

Successful exploitation leads to a denial of service where the host (Xen Domain 0) and all guest virtual machines lock up or crash, preventing any further operations until the physical host is restarted [1][2].

Mitigation

Red Hat Enterprise Linux 5 addressed this issue with kernel updates released in July 2011 (RHSA-2011:0833). Avaya also released fixed kernel packages in advisory ASA-2011-208. Users should apply the updated kernel packages from their respective vendors. No KEV listing is available for this CVE. No workaround exists other than applying the patch [1][2].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Xen/Xen: 20 versions
    • cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* (range: <=4.0.1)
    • cpe:2.3:o:xen:xen:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
    • (no CPE), range: <4.0.2
