CVE-2016-6258
Advisory lineage Upstream: 0 Downstream: 14
Modified
Published: 02 Aug 2016, 16:00
Last modified: 06 Aug 2024, 01:22
Vulnerability Summary
Overall Risk (default)
medium
35/100
CVSS Score
8.8 HIGH
v3.0 (nvd)
EPSS Score
0.11% LOW
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
- 02 Aug 2016, 16:00: Published (vulnerability first disclosed)
- 06 Aug 2024, 01:22: Last Modified (vulnerability information updated)
Description
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
CVSS Metrics
- v3.0 • HIGH • Score: 8.8 • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- v2.0 • HIGH • Score: 7.2 • AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 0.11% • Percentile: 29%
Techniques & Countermeasures
- CWE-284 • Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Affected Systems
- citrix • xenserver
6.0 | 6.0.2 | 6.1 | 6.2.0:sp1 | 6.5.0:sp1 | 7.0
- xen • xen
3.4.0 | 3.4.2 | 3.4.3 | 3.4.4 | 4.0.0 | 4.0.1 | 4.0.3 | 4.0.4 | 4.1.0 | 4.1.1 | 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.3.0 | 4.3.1 | 4.4.0 | 4.4.1 | 4.5.0 | 4.6.0 | 4.6.1 | 4.6.3 | 4.7.0
References (10)
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://xenbits.xen.org/xsa/advisory-182.html
- http://xenbits.xen.org/xsa/xsa182-4.6.patch
- http://support.citrix.com/article/CTX214954
- https://security.gentoo.org/glsa/201611-09
- http://xenbits.xen.org/xsa/xsa182-unstable.patch
- http://xenbits.xen.org/xsa/xsa182-4.5.patch
- http://www.debian.org/security/2016/dsa-3633
- http://www.securitytracker.com/id/1036446
- http://www.securityfocus.com/bid/92131