Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3961
Reference(s):
- BID:86068
- URL: http://www.securityfocus.com/bid/86068
- http://xenbits.xen.org/xsa/advisory-174.html
- http://xenbits.xen.org/xsa/xsa174.patch
- DEBIAN:DSA-3607

