Main Vulnerability Database Vulnerabilities #VU32214

Permissions, Privileges, and Access Controls in Xen - CVE-2016-9386

Published: January 23, 2017 / Updated: July 28, 2020

Vulnerability identifier: #VU32214

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-9386

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Xen Project

Affected software:
Xen

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

How to mitigate CVE-2016-9386

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/94471
http://www.securitytracker.com/id/1037340
http://xenbits.xen.org/xsa/advisory-191.html
https://security.gentoo.org/glsa/201612-56
https://support.citrix.com/article/CTX218775

Permissions, Privileges, and Access Controls in Xen - CVE-2016-9386

Detailed vulnerability description

How to mitigate CVE-2016-9386

Sources

Please verify you're human