CVE-2016-7093

high

Description

Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.

References

Advisories
More

http://www.securitytracker.com/id/1036752

http://support.citrix.com/article/CTX216071

https://security.gentoo.org/glsa/201611-09

http://xenbits.xen.org/xsa/xsa186-0001-x86-emulate-Correct-boundary-interactions-of-emulate.patch

http://xenbits.xen.org/xsa/advisory-186.html

http://www.securityfocus.com/bid/92865

Details

Source: Mitre, NVD

Published: 2016-09-21

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.2

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H