The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
Max CVSS
8.8
EPSS Score
0.06%
Published
2016-08-02
Updated
2017-07-01
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.
Max CVSS
9.8
EPSS Score
0.86%
Published
2016-06-13
Updated
2016-06-20
2 vulnerabilities found