CVE-2016-9383

high

Description

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.

References

http://www.securityfocus.com/bid/94474

http://www.securitytracker.com/id/1037346

http://xenbits.xen.org/xsa/advisory-195.html

https://security.gentoo.org/glsa/201612-56

https://support.citrix.com/article/CTX218775

Details

Source: MITRE

Published: 2017-01-23

Updated: 2017-07-01

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2

Severity: HIGH

Tenable Plugins

View all (22 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 103830 | OracleVM 3.4 : xen (OVMSA-2017-0153) | Nessus | OracleVM Local Security Checks | critical |
| 96253 | openSUSE Security Update : xen (openSUSE-2017-5) | Nessus | SuSE Local Security Checks | high |
| 96252 | openSUSE Security Update : xen (openSUSE-2017-4) | Nessus | SuSE Local Security Checks | high |
| 96231 | GLSA-201612-56 : Xen: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 96150 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:3273-1) | Nessus | SuSE Local Security Checks | high |
| 96032 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:3174-1) | Nessus | SuSE Local Security Checks | high |
| 95910 | openSUSE Security Update : xen (openSUSE-2016-1477) | Nessus | SuSE Local Security Checks | high |
| 95822 | SUSE SLES12 Security Update : xen (SUSE-SU-2016:3156-1) | Nessus | SuSE Local Security Checks | high |
| 95761 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:3083-1) | Nessus | SuSE Local Security Checks | high |
| 95709 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:3067-1) | Nessus | SuSE Local Security Checks | high |
| 95630 | Xen Multiple Vulnerabilities (XSA-191 - XSA-198) | Nessus | Misc. | high |
| 95624 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:3044-1) | Nessus | SuSE Local Security Checks | high |
| 95610 | Debian DSA-3729-1 : xen - security update | Nessus | Debian Local Security Checks | high |
| 95539 | Citrix XenServer Multiple Vulnerabilities (CTX218775) | Nessus | Misc. | high |
| 95509 | FreeBSD : xen-kernel -- x86 64-bit bit test instruction emulation broken (56f0f11e-ba4d-11e6-ae1b-002590263bf5) | Nessus | FreeBSD Local Security Checks | high |
| 95493 | Fedora 25 : xen (2016-999e1a6927) | Nessus | Fedora Local Security Checks | high |
| 95492 | Fedora 24 : xen (2016-95c104a4c6) | Nessus | Fedora Local Security Checks | high |
| 95491 | Fedora 23 : xen (2016-68b71978a1) | Nessus | Fedora Local Security Checks | high |
| 95296 | Debian DLA-720-1 : xen security update | Nessus | Debian Local Security Checks | high |
| 95280 | OracleVM 3.2 : xen (OVMSA-2016-0166) | Nessus | OracleVM Local Security Checks | high |
| 95279 | OracleVM 3.3 : xen (OVMSA-2016-0165) | Nessus | OracleVM Local Security Checks | high |
| 95278 | OracleVM 3.4 : xen (OVMSA-2016-0164) | Nessus | OracleVM Local Security Checks | high |