Oracle Linux: CVE-2016-9637: ELSA-2016-2963: xen security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
6 | (AV:A/AC:H/Au:M/C:C/I:C/A:C) | Dec 6, 2016 | Dec 21, 2016 | Nov 30, 2024 |
Description
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
An out-of-bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations if a guest were to supply a 32-bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host.
Solution(s)
- oracle-linux-upgrade-xen
- oracle-linux-upgrade-xen-devel
- oracle-linux-upgrade-xen-libs
