Medium severity6.7NVD Advisory· Published Sep 21, 2016· Updated May 6, 2026

CVE-2016-7154

Description

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

xenbits.xen.org/xsa/advisory-188.htmlnvdPatchVendor Advisory
xenbits.xen.org/xsa/xsa188.patchnvdPatch
support.citrix.com/article/CTX216071nvdThird Party Advisory
www.securityfocus.com/bid/92863nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1036754nvdThird Party AdvisoryVDB Entry
www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdfnvd
www.debian.org/security/2016/dsa-3663nvd
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.436
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000