MEDIUM
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
http://www.debian.org/security/2016/dsa-3633
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/91006
Source: MITRE
Published: 2016-06-07
Updated: 2016-11-28
Type: CWE-264
Base Score: 6.8
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.1
Severity: MEDIUM
Base Score: 6.7
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 0.8
Severity: MEDIUM