Access control error - CVE-2016-7093
Published: September 9, 2016
Vulnerability identifier: #VU389
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2016-7093
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a local user to get elevated privileges on the host system.
The vulnerability exists due to an instruction pointer truncation error that allows a local administrative user on the HVM guest system to gain privileges on the target system.
Successful exploitation of this vulnerability will result in gaining elevated privileges by the guest attacker.
How to mitigate CVE-2016-7093
Install patched versions from the vendor's website:
xsa186-0001-x86-emulate-Correct-boundary-interactions-of-emulate.patch
xsa186-0002-hvm-fep-Allow-testing-of-instructions-crossing-the-1.patch
xsa186-4.6-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch
xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch