Fedora 23 update for xen
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 |
| CWE-ID | CWE-284 CWE-119 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system xen Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU388
Risk: Low
CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2016-7092
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows local administrative user to get elevated privileges on the host system.
The vulnerability exists due to entrying of L3 code in 64-bit hypervisor by administrative user of 32-bit PV that allows him to gain privileges on the target system.
Successful exploitation of this vulnerability will result in gaining elevated privileges by the guest attacker.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 23
xen: before 4.5.3-10.fc23
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-1c3374bcb9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Access control error
EUVDB-ID: #VU389
Risk: Medium
CVSSv4.0: 6.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2016-7093
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows local user to get elevated privileges on the host system.
The vulnerability exists due to instruction pointer truncation error that allows a local administrative user on the HVM guest system to gain priviliges on the target system.
Successful exploitation of this vulnerability will result in gaining elevated privileges by the guest attacker.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 23
xen: before 4.5.3-10.fc23
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-1c3374bcb9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
3) Buffer overflow
EUVDB-ID: #VU32241
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-7094
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 23
xen: before 4.5.3-10.fc23
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-1c3374bcb9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
