Main Vulnerability Database SB2016051707

SB2016051707 - Fedora 24 update for xen

Published: May 17, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016051707

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-4480)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2016-5d5a8bfbc5