Oracle Linux: CVE-2016-9637: ELSA-2016-2963: xen security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
6 | (AV:A/AC:H/Au:M/C:C/I:C/A:C) | 2016-12-06 | 2016-12-21 | 2024-11-30 |
Description
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
An out-of-bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur during ioport read/write operations if the guest were to supply a 32-bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host.
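The class of bug described above, as an added illustrative sketch in C (not Xen or QEMU source, and not the vendor patch): a port I/O dispatch table with one slot per 16-bit port, indexed first without and then with a range check. The table layout and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>

#define MAX_IOPORTS 0x10000u   /* x86 port I/O space is 16 bits wide */

typedef uint32_t (*ioport_read_fn)(void *opaque, uint32_t port);

/* Per-port dispatch tables, one slot per valid port number. */
static ioport_read_fn read_table[MAX_IOPORTS];
static void *opaque_table[MAX_IOPORTS];

/* Constructed sample device: returns the low byte of the port number. */
uint32_t sample_dev_read(void *opaque, uint32_t port)
{
    (void)opaque;
    return port & 0xffu;
}

void register_read(uint32_t port, ioport_read_fn fn, void *opaque)
{
    if (port < MAX_IOPORTS) {
        read_table[port] = fn;
        opaque_table[port] = opaque;
    }
}

/* Flawed pattern: the 32-bit address from the guest request indexes the
 * tables directly, so any value >= MAX_IOPORTS reads a function pointer
 * from memory past the end of the array. */
uint32_t ioport_read_unchecked(uint32_t address)
{
    ioport_read_fn fn = read_table[address];
    return fn ? fn(opaque_table[address], address) : 0xffu;
}

/* Hardened pattern: validate the index before any table access and treat
 * an out-of-range port like an unclaimed one (reads as all ones).
 * *in_range lets the caller log the rejected request. */
uint32_t ioport_read_checked(uint32_t address, int *in_range)
{
    *in_range = address < MAX_IOPORTS;
    if (!*in_range)
        return 0xffu;
    ioport_read_fn fn = read_table[address];
    return fn ? fn(opaque_table[address], address) : 0xffu;
}
```

The same range check belongs on the write path, since the description names both ioport_read and ioport_write.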
Solution(s)
oracle-linux-upgrade-xen
oracle-linux-upgrade-xen-devel
oracle-linux-upgrade-xen-libs
