Main Vulnerability Database Vulnerabilities #VU32214

Permissions, Privileges, and Access Controls in Xen - CVE-2016-9386

Published: January 23, 2017 / Updated: July 28, 2020

Vulnerability identifier: #VU32214

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-9386

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/94471
http://www.securitytracker.com/id/1037340
http://xenbits.xen.org/xsa/advisory-191.html
https://security.gentoo.org/glsa/201612-56
https://support.citrix.com/article/CTX218775

Permissions, Privileges, and Access Controls in Xen - CVE-2016-9386

Description

Remediation

External links

Please verify you're human