Main Vulnerability Database Vulnerabilities #VU32222

Permissions, Privileges, and Access Controls in Xen - CVE-2016-9381

Published: January 23, 2017 / Updated: July 28, 2020

Vulnerability identifier: #VU32222

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear

CVE-ID: CVE-2016-9381

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Xen Project

Affected software:
Xen

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code.

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

How to mitigate CVE-2016-9381

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/94476
http://www.securitytracker.com/id/1037344
http://xenbits.xen.org/xsa/advisory-197.html
https://security.gentoo.org/glsa/201612-56
https://support.citrix.com/article/CTX218775

Permissions, Privileges, and Access Controls in Xen - CVE-2016-9381

Detailed vulnerability description

How to mitigate CVE-2016-9381

Sources

Please verify you're human