CVE-2016-7092

high

Description

The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.

References

http://support.citrix.com/article/CTX216071

http://www.debian.org/security/2016/dsa-3663

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/92862

http://www.securitytracker.com/id/1036751

http://xenbits.xen.org/xsa/advisory-185.html

http://xenbits.xen.org/xsa/xsa185.patch

https://security.gentoo.org/glsa/201611-09

Details

Source: MITRE

Published: 2016-09-21

Updated: 2017-07-01

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.1

Severity: MEDIUM

CVSS v3

Base Score: 8.2

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 1.5

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 95500 | FreeBSD : xen-kernel -- x86: Disallow L3 recursive pagetable for 32-bit PV guests (45ca25b5-ba4d-11e6-ae1b-002590263bf5) | Nessus | FreeBSD Local Security Checks | high |
| 94893 | GLSA-201611-09 : Xen: Multiple vulnerabilities (Bunker Buster) | Nessus | Gentoo Local Security Checks | high |
| 94780 | Fedora 25 : xen (2016-1d8429b89f) | Nessus | Fedora Local Security Checks | high |
| 94608 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:2725-1) (Bunker Buster) | Nessus | SuSE Local Security Checks | critical |
| 94269 | SUSE SLES12 Security Update : xen (SUSE-SU-2016:2533-1) (Bunker Buster) | Nessus | SuSE Local Security Checks | critical |
| 94267 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:2528-1) (Bunker Buster) | Nessus | SuSE Local Security Checks | critical |
| 94038 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:2507-1) (Bunker Buster) | Nessus | SuSE Local Security Checks | high |
| 94000 | openSUSE Security Update : xen (openSUSE-2016-1170) (Bunker Buster) | Nessus | SuSE Local Security Checks | critical |
| 93999 | openSUSE Security Update : xen (openSUSE-2016-1169) (Bunker Buster) | Nessus | SuSE Local Security Checks | critical |
| 93935 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:2473-1) (Bunker Buster) | Nessus | SuSE Local Security Checks | high |
| 93623 | Fedora 23 : xen (2016-1c3374bcb9) | Nessus | Fedora Local Security Checks | high |
| 93608 | Citrix XenServer Multiple Vulnerabilities (CTX216071) | Nessus | Misc. | medium |
| 93491 | Fedora 24 : xen (2016-7d2c67d1f5) | Nessus | Fedora Local Security Checks | high |
| 93418 | Debian DSA-3663-1 : xen - security update | Nessus | Debian Local Security Checks | high |
| 93413 | Debian DLA-614-1 : xen security update | Nessus | Debian Local Security Checks | high |
| 93397 | OracleVM 3.2 : xen (OVMSA-2016-0104) | Nessus | OracleVM Local Security Checks | high |
| 93396 | OracleVM 3.3 : xen (OVMSA-2016-0103) | Nessus | OracleVM Local Security Checks | high |
| 93395 | OracleVM 3.4 : xen (OVMSA-2016-0102) | Nessus | OracleVM Local Security Checks | high |