CVE-2016-3157

HIGH

Description

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.

References

http://www.debian.org/security/2016/dsa-3607

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/bid/84594

http://www.securitytracker.com/id/1035308

http://www.ubuntu.com/usn/USN-2968-1

http://www.ubuntu.com/usn/USN-2968-2

http://www.ubuntu.com/usn/USN-2969-1

http://www.ubuntu.com/usn/USN-2970-1

http://www.ubuntu.com/usn/USN-2971-1

http://www.ubuntu.com/usn/USN-2971-2

http://www.ubuntu.com/usn/USN-2971-3

http://www.ubuntu.com/usn/USN-2996-1

http://www.ubuntu.com/usn/USN-2997-1

http://xenbits.xen.org/xsa/advisory-171.html

Details

Source: MITRE

Published: 2016-04-12

Updated: 2016-12-03

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
96073OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0181)NessusOracleVM Local Security Checks
critical
96072OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0180)NessusOracleVM Local Security Checks
critical
96070Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3657)NessusOracle Linux Local Security Checks
critical
96069Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3656)NessusOracle Linux Local Security Checks
critical
93148Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3596)NessusOracle Linux Local Security Checks
critical
91886Debian DSA-3607-1 : linux - security updateNessusDebian Local Security Checks
critical
91687Debian DLA-516-1 : linux security updateNessusDebian Local Security Checks
critical
91559Ubuntu 12.04 LTS : linux vulnerabilities (USN-2996-1)NessusUbuntu Local Security Checks
critical
91094Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-2971-3)NessusUbuntu Local Security Checks
high
91093Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2971-2)NessusUbuntu Local Security Checks
high
91092Ubuntu 15.10 : linux vulnerabilities (USN-2971-1)NessusUbuntu Local Security Checks
high
91091Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2970-1)NessusUbuntu Local Security Checks
high
91090Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2969-1)NessusUbuntu Local Security Checks
high
91089Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2968-2)NessusUbuntu Local Security Checks
high
91088Ubuntu 14.04 LTS : linux vulnerabilities (USN-2968-1)NessusUbuntu Local Security Checks
high
91085Ubuntu 16.04 LTS : linux-snapdragon vulnerability (USN-2965-4)NessusUbuntu Local Security Checks
critical
91084Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-2965-3)NessusUbuntu Local Security Checks
critical
91083Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-2965-2)NessusUbuntu Local Security Checks
critical
91082Ubuntu 16.04 LTS : linux vulnerabilities (USN-2965-1)NessusUbuntu Local Security Checks
critical
90471Fedora 22 : kernel-4.4.6-201.fc22 (2016-ed5110c4bb)NessusFedora Local Security Checks
high
90463Fedora 23 : kernel-4.4.6-301.fc23 (2016-7e602c0e5e)NessusFedora Local Security Checks
high
90330Fedora 24 : kernel-4.5.0-302.fc24 (2016-81fd1b03aa)NessusFedora Local Security Checks
high
90298OracleVM 3.4 : kernel-uek (OVMSA-2016-0041)NessusOracleVM Local Security Checks
high
90297Oracle Linux 6 / 7 : kernel-uek (ELSA-2016-3529)NessusOracle Linux Local Security Checks
high
89966Amazon Linux AMI : kernel (ALAS-2016-669)NessusAmazon Linux Local Security Checks
high