Main Vulnerability Database Vulnerabilities #VU32280

Permissions, Privileges, and Access Controls in Xen - CVE-2016-4480

Published: May 18, 2016 / Updated: July 28, 2020

Vulnerability identifier: #VU32280

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-4480

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Xen Project

Affected software:
Xen

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

How to mitigate CVE-2016-4480

Install update from vendor's website.

Sources

http://www.debian.org/security/2016/dsa-3633
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/90710
http://www.securitytracker.com/id/1035901
http://xenbits.xen.org/xsa/advisory-176.html

Permissions, Privileges, and Access Controls in Xen - CVE-2016-4480

Detailed vulnerability description

How to mitigate CVE-2016-4480

Sources

Please verify you're human