Vulnerability Details : CVE-2016-4480
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
Exploit prediction scoring system (EPSS) score for CVE-2016-4480
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 %
CVSS scores for CVE-2016-4480
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
8.4 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 | NIST |
CWE ids for CVE-2016-4480
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4480
- http://www.debian.org/security/2016/dsa-3633
  Debian -- Security Information -- DSA-3633-1 xen
- http://www.securitytracker.com/id/1035901
  Xen PS Table Bit Processing Flaw Lets Local Users on a Guest System Gain Elevated Privileges on the Guest System - SecurityTracker
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  Oracle VM Server for x86 Bulletin - July 2016 (Vendor Advisory)
- http://xenbits.xen.org/xsa/advisory-176.html
  XSA-176 - Xen Security Advisories (Vendor Advisory)
- http://www.securityfocus.com/bid/90710
  Xen CVE-2016-4480 Security Bypass Vulnerability
Products affected by CVE-2016-4480
- cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*