CVE-2016-6258

HIGH

Description

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

References

http://support.citrix.com/article/CTX214954

http://www.debian.org/security/2016/dsa-3633

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/92131

http://www.securitytracker.com/id/1036446

http://xenbits.xen.org/xsa/advisory-182.html

http://xenbits.xen.org/xsa/xsa182-4.5.patch

http://xenbits.xen.org/xsa/xsa182-4.6.patch

http://xenbits.xen.org/xsa/xsa182-unstable.patch

https://security.gentoo.org/glsa/201611-09

Details

Source: MITRE

Published: 2016-08-02

Updated: 2017-07-01

Type: CWE-284

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.1:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.5.0:sp1:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (20 total)

ID	Name	Product	Family	Severity
140019	OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre)	Nessus	OracleVM Local Security Checks	critical
111992	OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)	Nessus	OracleVM Local Security Checks	critical
94893	GLSA-201611-09 : Xen: Multiple vulnerabilities (Bunker Buster)	Nessus	Gentoo Local Security Checks	high
94608	SUSE SLES11 Security Update : xen (SUSE-SU-2016:2725-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
94269	SUSE SLES12 Security Update : xen (SUSE-SU-2016:2533-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
94267	SUSE SLES11 Security Update : xen (SUSE-SU-2016:2528-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
94038	SUSE SLES11 Security Update : xen (SUSE-SU-2016:2507-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
94000	openSUSE Security Update : xen (openSUSE-2016-1170) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
93999	openSUSE Security Update : xen (openSUSE-2016-1169) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
93935	SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:2473-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
93298	SUSE SLES11 Security Update : xen (SUSE-SU-2016:2100-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
93296	SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:2093-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
92796	Fedora 23 : xen (2016-0049aa6e5d) (Bunker Buster)	Nessus	Fedora Local Security Checks	high
92766	Fedora 24 : xen (2016-01cc766201) (Bunker Buster)	Nessus	Fedora Local Security Checks	high
92723	Citrix XenServer Multiple Vulnerabilities (CTX214954) (Bunker Buster)	Nessus	Misc.	high
92701	Xen Privilege Escalation (XSA-182) (Bunker Buster)	Nessus	Misc.	high
92674	FreeBSD : xen-kernel -- x86: Privilege escalation in PV guests (032aa524-5854-11e6-b334-002590263bf5) (Bunker Buster)	Nessus	FreeBSD Local Security Checks	high
92635	Debian DLA-571-1 : xen security update (Bunker Buster)	Nessus	Debian Local Security Checks	high
92614	Debian DSA-3633-1 : xen - security update (Bunker Buster)	Nessus	Debian Local Security Checks	high
92600	OracleVM 3.4 : xen (OVMSA-2016-0088) (Bunker Buster)	Nessus	OracleVM Local Security Checks	high