Main Vulnerability Database Vulnerabilities #VU32222

Permissions, Privileges, and Access Controls in Xen - CVE-2016-9381

Published: January 23, 2017 / Updated: July 28, 2020

Vulnerability identifier: #VU32222

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear

CVE-ID: CVE-2016-9381

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows a local privileged user to execute arbitrary code.

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/94476
http://www.securitytracker.com/id/1037344
http://xenbits.xen.org/xsa/advisory-197.html
https://security.gentoo.org/glsa/201612-56
https://support.citrix.com/article/CTX218775

Permissions, Privileges, and Access Controls in Xen - CVE-2016-9381

Description

Remediation

External links

Please verify you're human