7.8

CVE-2016-9386

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CitrixXenserver Version6.0.2
CitrixXenserver Version6.2.0
CitrixXenserver Version6.5
CitrixXenserver Version7.0
XenXen
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.361
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://security.gentoo.org/glsa/201612-56
https://support.citrix.com/article/CTX218775
Patch
Third Party Advisory
http://www.securityfocus.com/bid/94471
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037340
Third Party Advisory
VDB Entry
http://xenbits.xen.org/xsa/advisory-191.html
Patch
Vendor Advisory