CVE-2016-4962

Advisory lineage Upstream: 0 Downstream: 7

Downstream

DEBIAN-CVE-2016-4962 DSA-3633-1 MGASA-2017-0012 SUSE-SU-2016:2093-1 SUSE-SU-2016:2100-1 SUSE-SU-2016:2533-1

Modified

Published: 07 Jun 2016, 14:00

Last modified:06 Aug 2024, 00:46

Vulnerability Summary

Overall Risk (default)

medium

27/100

CVSS Score

6.8 MEDIUM

v2.0 (nvd)

EPSS Score

0.09% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 Jun 2016, 14:00

Published

Vulnerability first disclosed

06 Aug 2024, 00:46

Last Modified

Vulnerability information updated

Description

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.

CVSS Metrics

v3.0•MEDIUM•Score: 6.7CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 6.8AV:L/AC:L/Au:S/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.09%• Percentile: 25%

Techniques & Countermeasures

CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

oracle•vm_server
3.3 | 3.4
xen•xen
4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.4.0 | 4.4.0:rc1 | 4.4.1 | 4.4.2 | 4.4.3 | 4.4.4 | 4.5.0 | 4.5.1 | 4.5.2 | 4.5.3 | 4.6.0 | 4.6.1