CVE-2016-9386

high

Description

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

References

Advisories
More

https://support.citrix.com/article/CTX218775

http://www.securitytracker.com/id/1037340

http://www.securityfocus.com/bid/94471

https://security.gentoo.org/glsa/201612-56

http://xenbits.xen.org/xsa/advisory-191.html

Details

Source: Mitre, NVD

Published: 2017-01-23

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.001

Detections

Analytics