CVE Vulnerabilities

CVE-2016-9386

Published: Jan 23, 2017 | Modified: Nov 21, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
6 MODERATE
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V3
7.5 MODERATE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving unexpected base/limit values.

Affected Software 

Name Vendor Start Version End Version
Xenserver Citrix 6.0.2 (including) 6.0.2 (including)
Xenserver Citrix 6.2.0 (including) 6.2.0 (including)
Xenserver Citrix 6.5 (including) 6.5 (including)
Xenserver Citrix 7.0 (including) 7.0 (including)
Xen Ubuntu devel *
Xen Ubuntu precise *
Xen Ubuntu trusty *
Xen Ubuntu upstream *
Xen Ubuntu xenial *
Xen Ubuntu yakkety *
Xen Ubuntu zesty *

References