Vulnerability Details : CVE-2016-4480
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
Products affected by CVE-2016-4480
- cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-4480
0.92%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-4480
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
8.4
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.5
|
5.9
|
NIST |
CWE ids for CVE-2016-4480
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4480
-
http://www.debian.org/security/2016/dsa-3633
Debian -- Security Information -- DSA-3633-1 xen
-
http://www.securitytracker.com/id/1035901
Xen PS Table Bit Processing Flaw Lets Local Users on a Guest System Gain Elevated Privileges on the Guest System - SecurityTracker
-
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Oracle VM Server for x86 Bulletin - July 2016Vendor Advisory
-
http://xenbits.xen.org/xsa/advisory-176.html
XSA-176 - Xen Security AdvisoriesVendor Advisory
-
http://www.securityfocus.com/bid/90710
Xen CVE-2016-4480 Security Bypass Vulnerability
Jump to