Vulnerability Details CVE-2016-7093
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 34.1%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 7.2
References
- http://support.citrix.com/article/CTX216071
- http://www.securityfocus.com/bid/92865
- http://www.securitytracker.com/id/1036752
- http://xenbits.xen.org/xsa/advisory-186.html
- http://xenbits.xen.org/xsa/xsa186-0001-x86-emulate-Correct-boundary-interactions-of-emulate.patch
- https://security.gentoo.org/glsa/201611-09
- http://support.citrix.com/article/CTX216071
- http://www.securityfocus.com/bid/92865
- http://www.securitytracker.com/id/1036752
- http://xenbits.xen.org/xsa/advisory-186.html
- http://xenbits.xen.org/xsa/xsa186-0001-x86-emulate-Correct-boundary-interactions-of-emulate.patch
- https://security.gentoo.org/glsa/201611-09