Vulnerability Details : CVE-2016-9386
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
Products affected by CVE-2016-9386
- cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9386
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9386
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-9386
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9386
-
https://support.citrix.com/article/CTX218775
Citrix XenServer Multiple Security UpdatesPatch;Third Party Advisory
-
http://www.securityfocus.com/bid/94471
Xen CVE-2016-9386 Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://xenbits.xen.org/xsa/advisory-191.html
XSA-191 - Xen Security AdvisoriesPatch;Vendor Advisory
-
http://www.securitytracker.com/id/1037340
Xen x86 Null Segment Access Control Bug Lets Local Users on a Guest System Gain Elevated Privileges on the Guest System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201612-56
Xen: Multiple vulnerabilities (GLSA 201612-56) — Gentoo security
Jump to