Vulnerability Description
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
CVSS Score
8.2
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 4.5.3 |
Related Weaknesses (CWE)
References
- http://support.citrix.com/article/CTX216071Third Party Advisory
- http://www.securityfocus.com/bid/92865
- http://www.securitytracker.com/id/1036752Third Party AdvisoryVDB Entry
- http://xenbits.xen.org/xsa/advisory-186.htmlPatchVendor Advisory
- http://xenbits.xen.org/xsa/xsa186-0001-x86-emulate-Correct-boundary-interactionsPatchVendor Advisory
- https://security.gentoo.org/glsa/201611-09
- http://support.citrix.com/article/CTX216071Third Party Advisory
- http://www.securityfocus.com/bid/92865
- http://www.securitytracker.com/id/1036752Third Party AdvisoryVDB Entry
- http://xenbits.xen.org/xsa/advisory-186.htmlPatchVendor Advisory
- http://xenbits.xen.org/xsa/xsa186-0001-x86-emulate-Correct-boundary-interactionsPatchVendor Advisory
- https://security.gentoo.org/glsa/201611-09
FAQ
What is CVE-2016-7093?
CVE-2016-7093 is a vulnerability with a CVSS score of 8.2 (HIGH). Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation ...
How severe is CVE-2016-7093?
CVE-2016-7093 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7093?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.