Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2016-4480

Published: May 18, 2016 | Modified: Dec 01, 2016
CVSS 3.x
8.4
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
4.3 MODERATE
AV:A/AC:H/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2016-4480
CWEhttps://cwe.mitre.org/data/definitions/264.html

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

Affected Software

Name Vendor Start Version End Version
Vm_server Oracle 3.2 (including) 3.2 (including)
Vm_server Oracle 3.3 (including) 3.3 (including)
Vm_server Oracle 3.4 (including) 3.4 (including)
Linux-flo Ubuntu trusty *
Linux-goldfish Ubuntu trusty *
Linux-grouper Ubuntu trusty *
Linux-linaro-omap Ubuntu precise *
Linux-linaro-shared Ubuntu precise *
Linux-linaro-vexpress Ubuntu precise *
Linux-lts-quantal Ubuntu precise *
Linux-lts-raring Ubuntu precise *
Linux-lts-saucy Ubuntu precise *
Linux-maguro Ubuntu trusty *
Linux-mako Ubuntu trusty *
Linux-manta Ubuntu trusty *
Linux-qcm-msm Ubuntu precise *
Xen Ubuntu devel *
Xen Ubuntu precise *
Xen Ubuntu trusty *
Xen Ubuntu wily *
Xen Ubuntu xenial *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use