Vulnerability Details CVE-2016-7093
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.3%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 7.2
References
- http://support.citrix.com/article/CTX216071
- http://www.securityfocus.com/bid/92865
- http://www.securitytracker.com/id/1036752
- http://xenbits.xen.org/xsa/advisory-186.html
- http://xenbits.xen.org/xsa/xsa186-0001-x86-emulate-Correct-boundary-interactions-of-emulate.patch
- https://security.gentoo.org/glsa/201611-09
- http://support.citrix.com/article/CTX216071
- http://www.securityfocus.com/bid/92865
- http://www.securitytracker.com/id/1036752
- http://xenbits.xen.org/xsa/advisory-186.html
- http://xenbits.xen.org/xsa/xsa186-0001-x86-emulate-Correct-boundary-interactions-of-emulate.patch
- https://security.gentoo.org/glsa/201611-09