Privilege escalation in Xen - CVE-2016-7092
Published: September 9, 2016 / Updated: March 26, 2018
Vulnerability identifier: #VU388
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2016-7092
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Detailed vulnerability description
The vulnerability allows a local administrative user to gain elevated privileges on the host system.
The vulnerability exists due to the entry of L3 code in the 64-bit hypervisor by an administrative user of a 32-bit PV guest, which allows that user to gain privileges on the target system.
Successful exploitation of this vulnerability results in the guest attacker gaining elevated privileges.