FreeBSD: VID-942433db-c661-11e6-ae1b-002590263bf5 (CVE-2016-10013): xen-kernel -- x86: Mishandling of SYSCALL singlestep during emulation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Dec 20, 2016 | Dec 22, 2016 | Mar 25, 2026 |
Description
The Xen Project reports: The typical behaviour of singlestepping exceptions is determined at the start of the instruction, with a #DB trap being raised at the end of the instruction. SYSCALL (and SYSRET, although we don't implement it) behave differently because the typical behaviour allows userspace to escalate its privilege. (This difference in behaviour seems to be undocumented.) Xen wrongly raised the exception based on the flags at the start of the instruction. Guest userspace which can invoke the instruction emulator can use this flaw to escalate its privilege to that of the guest kernel.
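
The decision described above can be modelled in a few lines of C. This is an added example, not Xen's emulator code: the `vcpu` structure and the function names are hypothetical, and the model assumes only the architectural behaviour that SYSCALL saves RFLAGS in R11 and clears the RFLAGS bits set in IA32_FMASK.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define X86_EFLAGS_TF 0x100u   /* trap flag, RFLAGS bit 8 */

enum insn { INSN_OTHER, INSN_SYSCALL };

struct vcpu {                  /* hypothetical, minimal guest CPU state */
    uint64_t rflags;
    uint64_t r11;
    uint64_t sfmask;           /* IA32_FMASK: RFLAGS bits SYSCALL clears */
    int cpl;                   /* 3 = guest userspace, 0 = guest kernel */
};

/* Emulate one instruction; return true if #DB is raised at its end.
 * fixed == false keeps the decision the advisory describes as wrong. */
static bool emulate_one(struct vcpu *v, enum insn op, bool fixed)
{
    /* Typical rule: singlestep is decided from the flags at the start. */
    bool singlestep = v->rflags & X86_EFLAGS_TF;

    if (op == INSN_SYSCALL) {
        v->r11 = v->rflags;        /* SYSCALL saves RFLAGS in R11 */
        v->rflags &= ~v->sfmask;   /* then clears the masked bits */
        v->cpl = 0;                /* execution continues in the guest kernel */
        if (fixed)                 /* decide on the resulting flags instead */
            singlestep = v->rflags & X86_EFLAGS_TF;
    }
    return singlestep;
}

/* Constructed scenario: TF is set when SYSCALL starts and IA32_FMASK
 * includes TF. Returns true if #DB is raised at guest-kernel privilege. */
static bool db_at_kernel_entry(bool fixed)
{
    struct vcpu v = { .rflags = 0x202 | X86_EFLAGS_TF,
                      .sfmask = X86_EFLAGS_TF, .cpl = 3 };
    bool db = emulate_one(&v, INSN_SYSCALL, fixed);
    return db && v.cpl == 0;
}

int main(void)
{
    printf("start-of-instruction flags: #DB at kernel entry = %d\n",
           db_at_kernel_entry(false));
    printf("resulting flags:            #DB at kernel entry = %d\n",
           db_at_kernel_entry(true));
    return 0;
}
```
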
Solution
freebsd-upgrade-package-xen-kernel